Have the user log in and store the associated userID as a session variable.
Make sure to store that userId as part of their insert and that way you can filter the recordset by the userid session variable so that they only have access to their own records.