help and comments on posting hidden form details

dupls

I want to have a link on a page that has the following code and direct to another page. But is my data still secure?

Question: Do I need to add in the beginning cause I want to do a database lookup of the value?
Username = $SESSION['username'];
Password =$SESSION['password'];

The code also doesn't do the transferring to the action page. It just stays on this page (blank output).

Guidence please?

devinemke

generally speaking, it is a bad idea to store sensitive info (usernames/passwords) as hidden form fields since they are stored as plain text in HTML tags. if you want to temporarily store data then you should look at [man]sessions[/man], and of course there's SSL for sending data securely from client to server.

dupls

I'll look into the ssl but didn't the code above use sessions? I'll look more at the liinks your provided, thanks.

Also if I was just to pass username without password, then security wouldn't be an issue. If I was to use the above script, can anyone advise what's wrong with it as I can't get the username to be carried across to the other site.

Any samples on the SSL and Sessions to view?

Stinger51

Did you remember to call session_start() at the very beginning of the next page (the page you are trying to pass these vars to)?

Only then will your code :

Username = $SESSION['username'];
Password =$SESSION['password'];

work properly.

And that's only if you are not using the latest Zone Alarm Pro as your firewall. 🙂

dupls

Sorry Stinger51, it's not working. Maybe if I go about this in a different way for me to understand.

I have people loggin using username and password. but in my database I have other fields such as email.

All I want to do is echo out the logged in username and email address to screen.

I'm not using $sessions or $cookies so I need to do a database lookup.

Right?