vickyb

Thanks, I was going to store the user id and a unique MD5 hash for each user record, and then store them as sessions, so when i do an update i'll use the user id and hashed string, for a double check. So you're suggesting not to bother wrapping anything around sessions in that case?

OK thank you, that makes sense. Should I wrap anything around the sessions vars when doing a WHERE lookup? Like mysql_real_escape_string ? Or I guess my question is, if the user logs in and the database flag is set to 1, then when the user is not logged in the flag needs to be set to 0. 0 = not logged in 1 = logged in I could set the flag to 0 when the user logs out of the website, but how do I handle the case where the session expires and the user has to re-login? Because if the session expires before the user actually logs out, then the database flag would still be set to 1, so how do I get it to revert back to 0 if the session expires, or the user simply closes the browser before logging out? Thank you

How would you re-validate without the user having to enter password etc each time?

Hi Thanks, but the reason I dont store all this data when they login is because i need to pull other bits of data also, and it would be too much to store everything as sessions

Hello I am using the following code to fetch the USERS name based on the key I stored as a session when the user logged in My code is $key = $_SESSION['logged_key']; if ($pcess = $mysqli->prepare("SELECT id, name FROM people WHERE key = ? LIMIT 1")) { $pcess->bind_param('s', $key); $pcess->execute(); $pcess->store_result(); $pcess->bind_result($id, $name); $pcess->fetch(); } My question is: Is there a better way to pass the session ID, or run the Query that would increase the security, performance and overall safety? Thanks Everyone V