Yup, session variables are the way to go (man!) I just set up something similar at http://www.fresh-toast.net/netmeeting, when a user has successfully registered or logged in , a session variable is set. Make sure to start a session at the top of your script.
session_start(); $user_id=105; session_register("user_id"); ..... if session_is_registered("user_id") { ..... execute user code... } I found that by checking if the variable is *registered* rather than *set* you get the advantage that users can't post a form or URL to your script to set the varible user_id in the global scope (assuming you have register_globals switched on in php.ini, as most ISPs do) : i.e. you know you set it rather than somebody else, and can rely on the value. Cheers, Neil Smith. >Hi there. You could avoid all of that trouble by using session variables. >Upon successful login create/register a session variable to let the system >know who they are, then on subsequent pages you want protected do a check to >see if it exists, if not send them on their merry way. > >hth Joe :) > > ><[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi list, hope someone can help me here. > > > > I have content management system I have designed. I am still learning php >so help here would be appreciated. > > > > The user logs into the system, and we carry there user name over the pages >using a link to each page with the value of their name carried over as >follows: ../index.php?name=<?echo("$name")?> > > > > This works fine for the whole site, except when a user makes changes to a >entry. Once they submit adding a new entry or modifying an existing one, the >value of : ../index.php?name=My Name ends up being ./index.php?name=My > > > > It deletes the end of the name of the url, so that when the user clicks >the link it does not really know who they are. > > > > I have used a hidden field to carry the value of the name over the pages, >but it does not work on forms. > > > > I hope this makes some sort of sense. > > > > If anyone knows of a workaround. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php