I'm developing a PHP webapp which has user profiles to create, modify and delete (you know).
When I modify a profile I send the $userID to the PHP page and then I load all the user data. That $userID is stored in a hidden input because I need it to launch the UPDATE query after submit.
I have noticed that a user can press F12 and change that userID to another one and could modify (or delete) another user's profile.
Sorry if this is a stupid question. I suppose that this is a common problem in form submission, but I don't know how you face it (what is the most secure strategy in this case).
Please help :-)
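An added example, not part of the original post: one common way to handle the tampered hidden field is to take the acting user from the server-side session and check on every submit that this user is allowed to edit the requested profile. The `users` table, its `is_admin` column, the `user_id` session key and the function names are assumptions made for illustration; an in-memory SQLite database with constructed rows stands in for the real one.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the real users table (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 0), (2, 'bob', 0), (3, 'root', 1)");

/** May the logged-in user (taken from the session) edit the target profile? */
function canEditProfile(PDO $db, int $actorId, int $targetId): bool
{
    if ($actorId === $targetId) {
        return true;                         // owners edit their own profile
    }
    $stmt = $db->prepare('SELECT is_admin FROM users WHERE id = ?');
    $stmt->execute([$actorId]);
    return (int) $stmt->fetchColumn() === 1; // assumed rule: admins may edit anyone
}

/**
 * Handle the submitted form. $session plays the role of $_SESSION and
 * $post the role of $_POST; the hidden userID is treated as untrusted input.
 */
function updateProfile(PDO $db, array $session, array $post): bool
{
    if (!isset($session['user_id'])) {
        return false;                        // not logged in
    }
    $actorId = (int) $session['user_id'];
    // Default to the session's own id; the hidden field is only a request.
    $targetId = filter_var($post['userID'] ?? $actorId, FILTER_VALIDATE_INT);
    if ($targetId === false || !canEditProfile($db, $actorId, $targetId)) {
        return false;                        // a real page would answer HTTP 403 here
    }
    $stmt = $db->prepare('UPDATE users SET name = ? WHERE id = ?');
    $stmt->execute([(string) ($post['name'] ?? ''), $targetId]);
    return $stmt->rowCount() === 1;
}

// Alice (id 1) edits herself, then submits a form whose hidden userID was changed to 2;
// finally the admin (id 3) edits bob's profile.
var_dump(updateProfile($db, ['user_id' => 1], ['userID' => '1', 'name' => 'alice2']));
var_dump(updateProfile($db, ['user_id' => 1], ['userID' => '2', 'name' => 'changed']));
var_dump(updateProfile($db, ['user_id' => 3], ['userID' => '2', 'name' => 'bobby']));
```

The same check belongs in the page that loads the profile for editing and in the delete handler, since each of them receives the id from the browser.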