Hi Manfred,
that's exactly what I found looking with more attention at my code.
Forgetting the second equal sign made what was supposed to be a test an assignment instead (btw, I suppose that the assignment is always evaluated as TRUE, so the if condition is always satisfied).
What do you think about my code scheme? Do you find it appropriate to secure my app?
Actually I just need to send in a userID and an actionID, then a switch statement in the PHP is used to prepare a few different SQL queries where the userID is used to return info specific for that user. No INSERTs, UPDATEs or other kinds of db statements, only SELECT queries.
User here is more an app/group ID than a real user (intended as a person).
Thanks for your attention,
Umberto
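
The scheme described in the message above, as an added example that is not code from the original post: the `=` versus `===` slip, then a switch that only selects among fixed SELECT statements and binds the validated userID as a parameter. The table, column and function names are hypothetical, and PDO with an in-memory SQLite database is an assumption made so the example runs on its own.

```php
<?php
// Added example; table, column and function names are hypothetical.
// Assumes PHP 7+ with the PDO SQLite driver; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (user_id INTEGER, name TEXT)');
$db->exec("INSERT INTO items VALUES (1, 'alpha'), (1, 'beta'), (2, 'gamma')");

// The slip from the post: "=" assigns, and the if tests the assigned value.
function isListActionBuggy(int $actionID): bool
{
    if ($actionID = 1) { // deliberate bug, kept to show the effect
        return true;
    }
    return false;
}

function isListAction(int $actionID): bool
{
    return $actionID === 1; // strict comparison, no assignment
}

// userID and actionID arrive as strings from the request.
function runAction(PDO $db, string $userID, string $actionID): array
{
    $uid = filter_var($userID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $aid = filter_var($actionID, FILTER_VALIDATE_INT);
    if ($uid === false || $aid === false) {
        throw new InvalidArgumentException('userID and actionID must be integers');
    }
    // The switch only selects among fixed SQL strings; input never enters the SQL text.
    switch ($aid) {
        case 1:
            $sql = 'SELECT name FROM items WHERE user_id = :uid ORDER BY name';
            break;
        case 2:
            $sql = 'SELECT COUNT(*) AS n FROM items WHERE user_id = :uid';
            break;
        default:
            throw new InvalidArgumentException('unknown actionID');
    }
    $stmt = $db->prepare($sql);
    $stmt->execute([':uid' => $uid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

var_dump(isListActionBuggy(7), isListAction(7));
print_r(runAction($db, '1', '1'));
try { runAction($db, '1 OR 1=1', '1'); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```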