What is the best way to correct this issue to ensure that the customer can never query another customer’s orders?
You must be careful when coding a When-Button-Pressed trigger, because it does not accept restricted built-ins.