I am trying to make a members only section on a website. The user has to enter his username and password to get logged on. I have set up the registration section for the users and they are able to create an account on my website.
Also as shown in the code below I am able to navigate to the user’s only section of the website. However the problem is that I need to pass the value $myusername to the page members_area.php so that I can do some database queries on that page. How do I do that ?
$sql="SELECT * FROM table_name WHERE email= '$myusername' and password='$mypassword'" ;
$result=mysql_query($sql,$ms);
$user_exist = mysql_num_rows($result);
// if the user is there in the database
if($user_exist>0){
//start a session over here
$_SESSION["valid_user"] = $myusername;
Header('Location: members_area.php');
}
Well, you have several options. Only a few are good.
Since you just stored $myusername in a session variable, you can reference that on members_area.php:
That would be the more secure way, given what you’ve suggested here. Other options involve passing the value with a query string in the URL:
But this isn’t secure and is quite subject to folly. Just FYI it can be done.
However, as a side-note, I might suggest you store a unique identifier (UID or GUID) for each user. It’s just a number that only that user has which uniquely identifies it. You’ll find it is more robust.