Hai, i am new to php and requir your support.

i am dealing with my mysql db.
the user logs on and the login is processed by logon.php.
then the user adds record to the db. the add record is processed by addrec.php.

my problem is, addrec.php is requesting a connection again to add the record. but the user has already provided his logon credentials at the first logon. so how do i main tain his user name and passord through all the scripts ?

please.

This is a simple thing, which can be handled in multiple ways and even combing them

you can (should) set a session on a successful login.

i have a login script (orginally written by gaby solomon) which was written so i could simple include login.php on pages i want password protected, and then it checks if a session exists, if it does and is valid shows page, if not shows login.

you can also set cookies but they are advised against.

have a look for session/login on php.net and google.

i can help more later i have to go out now :P

TP apprieciated

You can use session variables just like any other super global. When you want to create a new session or open a session that already exists use the start_session() command. Then you can begin setting session variables by doing the following $_SESSION['variable'] = $yourvariable. When you want to delete a session use the session_destroy() command.

Thanks NullPointer and Dansgalaxi for the solutions. really appriciated.
let me try them.

Sorry i couldnt exmplain further about sessions, i was being moaned at for not going fast enough

if you need any more help i can try and lend a hand

Thank You very much guys.
yah, session_start() worked for me.
i put the following code in my login script.

Code:

session_start();
$_SESSION['username']=$name;
$_SESSION['password']=$pass;

then when i requir the thease information in addrecord.php file,
i put the folowing code

Code:

session_start();
$name=$_SESSION['username'];
$pass=$_SESSION['password'];

hope my code is correct. because it worked.

let me rate your helpfull posts.

you should really get some security in there tho, as someone know knows how, or just know php enough knows all sorts of bits for hacking, hence you should secure scripts as much as possible.. and ALWAYS use mysql_real_escape_string() on inputs which will go anywhere near your mysql_query() 's Lol

Also make sure you apply encryption before sending a password to the database. You should apply at least an sha1 as soon as you get the password from post ($password = sha1($_POST['password']);

I forgot to mention that also. it mangles it all up and means a) you cant see a users password (but you can just write it in that admin has access to all anyway so u wont need it ) and also if someone hacks the db or even if your host gets nosy ...