Posted by J.O. Aho on 12/15/06 09:02

Dave Nash wrote:
> On Fri, 15 Dec 2006 16:31:28 +1000, "Vince Morgan"


> Ive setup up a link to grab the userid variable on the index page once
> logged in, but it doesnt seem to work.

You need to store the userid to the session (assuming u_name is unique)

$query="SELECT userid FROM users WHERE u_name='{$_SESSION['userid']}'";
$row=mysql_fetch_array($query);
$_SESSION['userid']=$row['userid'];

> <?php echo"<a href=\"file.php?userid=" . $_SESSION['userid'] . "\"
> class=\"a\">Link</a>"; ?>

As you know whom your user is ($_SESSION), you don't need to pass the userid
over a link, you could just make

<a href="file.php" class="a">Link</a>

as in the file.php you can easily just check if the the $_GET/$_REQUEST has
the userid or not.

/* Assumes you stored the userid to the session, else you need to fetch it
from the db before storing it to the $userid */
if(!isset($_REQUEST['userid'])) {
$userid=$_SESSION['userid'];
} else {
$userid=$_REQUEST['userid'];
}

> but when I use the u_name variable it works fine.
>
> <?php echo"<a href=\"file.php?u_name=" . $_SESSION['u_name'] . "\"
> class=\"a\">Link</a>"; ?>
>
> This is my query.
> "select userid from users
> where u_name='" . $_SESSION['u_name'] . "' and p_word='" .
> $_SESSION['p_word'] . "'"

IMHO it's not good to store passwords in a session, the session can be
readable for the wrong persons on the web server and those someone can get the
passwords. I wouldn't store passwords as plain text in a database for the same
reason, MD5() is a good function in the SQL and PHP, store the password in
MD5 format in the database.


--

//Aho

[Back to original message]