To update records on a website, I'm currently passing the id of that record through as a hidden field. Obviously, this is open to hacking, altering the record value so that another record is updated ...