Hey Edward,
I've actually read the entire book, and even most of the advanced PHP book. The key difference here is that in chapter 18, a user is logging in with an email address and password. So using those two parameters, we query the database and return the unique user ID (via a session variable if desired), and that's fine. Moreover, that's done using a form.
The difference here is that, say, I am the manager of 10 employees. I have a view users page where I can view all my employees. It doesn't seem practical to be forced to enter an email/pass or any combination every time I want to edit or delete a user. More importantly, there is a table and a row of data; the question is how can we pass that row selection (securely) to the back end for PHP processing?
I could set up a form, but that defeats the purpose of a clean UI where a manager can simply use the datagrid (or table) to edit/delete their employees. Alternatively, I had thought about encrypting the ID and recovering it after it's passed through the URL, but I'm not sure how practical that is. If you feel chapter 18 still addresses my above comments, please explain.
I really wonder what Larry has to say on this as well. I know there must be a best practice out there used by the pros.
Thanks,
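An added illustration of the usual pattern for the problem raised in this post (this is example code, not part of the thread and not an excerpt from the book): the row's ID is passed to the back end in plain sight, and what keeps it safe is a server-side ownership check tied to the session, plus an anti-CSRF token on the state-changing action. Assumptions: the manager's ID was stored in `$_SESSION['user_id']` at login, a constructed `users(id, email, manager_id)` table, a hypothetical `employees.php` page, and PDO with placeholder credentials.

```php
<?php
// employees.php (hypothetical file name): list the logged-in manager's employees
// and let them delete one by clicking a row. The row id is visible in the request;
// the protection is the server-side ownership check, not hiding or encrypting the id.
session_start();

// Assumed schema (constructed for this example): users(id, email, manager_id).
// $_SESSION['user_id'] is assumed to have been set at login.
$pdo = new PDO('mysql:host=localhost;dbname=example', 'example_user', 'example_pass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Not logged in.');
}
$managerId = (int) $_SESSION['user_id'];

// One anti-CSRF token per session, embedded in every per-row form below.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// True only if $employeeId exists AND belongs to this manager.
// This check is what makes an encrypted id unnecessary: a tampered id simply fails it.
function managerOwnsEmployee(PDO $pdo, int $managerId, int $employeeId): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE id = ? AND manager_id = ?');
    $stmt->execute([$employeeId, $managerId]);
    return $stmt->fetchColumn() !== false;
}

// State-changing action: require POST, a valid CSRF token, and ownership.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_id'])) {
    if (!hash_equals($_SESSION['csrf_token'], (string) ($_POST['csrf_token'] ?? ''))) {
        http_response_code(403);
        exit('Invalid request token.');
    }
    $employeeId = filter_var($_POST['delete_id'], FILTER_VALIDATE_INT);
    if ($employeeId === false || !managerOwnsEmployee($pdo, $managerId, $employeeId)) {
        // Malformed id or someone else's employee: refuse and record it for review.
        error_log(sprintf('Rejected delete of user %s by manager %d',
            var_export($employeeId, true), $managerId));
        http_response_code(403);
        exit('You may not modify that user.');
    }
    // manager_id repeated in the DELETE as defence in depth against a missed check.
    $stmt = $pdo->prepare('DELETE FROM users WHERE id = ? AND manager_id = ?');
    $stmt->execute([$employeeId, $managerId]);
    header('Location: employees.php');
    exit;
}

// Read-only listing: the query itself is scoped to this manager, so the table can
// only ever contain rows the manager is allowed to act on.
$stmt = $pdo->prepare('SELECT id, email FROM users WHERE manager_id = ? ORDER BY email');
$stmt->execute([$managerId]);
$token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8');

echo "<table>\n";
foreach ($stmt as $row) {
    $id = (int) $row['id'];
    $email = htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8');
    // Each row carries its own one-button form: no re-entering credentials.
    echo "<tr><td>$email</td><td>"
       . "<a href=\"edit_user.php?id=$id\">Edit</a> "
       . "<form method=\"post\" action=\"employees.php\" style=\"display:inline\">"
       . "<input type=\"hidden\" name=\"csrf_token\" value=\"$token\">"
       . "<input type=\"hidden\" name=\"delete_id\" value=\"$id\">"
       . "<button type=\"submit\">Delete</button></form></td></tr>\n";
}
echo "</table>\n";
```

The edit page linked from each row (`edit_user.php`, also hypothetical) would run the same `managerOwnsEmployee()` check on `$_GET['id']` before showing or saving anything. Reading the ID from the URL is fine for a GET that only displays data; the delete goes through POST with the token because it changes state.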