4.8. Form data updates
Added Scratch variable mv_data_enable to gate the update_data function. You must set it before doing a form update. Prior to this it was possible to update a SQL database willy-nilly.
A quick fix like this will allow the update on a single page:
[set update_database] [set mv_data_enable]1[/set] [/set] <INPUT TYPE=hidden NAME=mv_click VALUE=update_database>
It will ensure at least that the user loads one form from you for each update. For best security, gate with a userdb entry like this:
[set update_database] [if type=data term="userdb::trusted::[data session username]"] [set mv_data_enable]1[/set] [else] [set mv_data_enable]0[/set] [/else] [/if] [/set]