zorra

Thank you.  I will try that.

I am either making this too difficult for myself or I don't have a good grasp of what's going on.  Is it possible to have a user log in using his username and pw, then go to another page to update all of his 11 entered fields (like username, pw, address, email, etc) even though he only entered his username & pw in the login page?  My MySQL db is working fine, it's the PHP session variable code that is the problem.  Is there a tutorial or something that I can use as a guide to accomplish this?

Sorry, didn't know.  I hope all is well now.

Oops.  Attached is a snippet from the login page.  It has the session variable code. [code] <?php require_once('../Connections/con_elders_local.php'); ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) {   session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) {   $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['UserName'])) {   $loginUsername=$_POST['UserName'];   $password=$_POST['Password'];   $MM_fldUserAuthorization = "UserID";   $MM_redirectLoginSuccess = "../index.php";   $MM_redirectLoginFailed = "login.php?failed=true";   $MM_redirecttoReferrer = true;   mysql_select_db($database_con_elders_local, $con_elders_local);     $LoginRS__query=sprintf("SELECT username, password, UserID FROM elders1 WHERE username='%s' AND password='%s'",   get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));       $LoginRS = mysql_query($LoginRS__query, $con_elders_local) or die(mysql_error());   $loginFoundUser = mysql_num_rows($LoginRS);   if ($loginFoundUser) {         $loginStrGroup  = mysql_result($LoginRS,0,'UserID');         //declare two session variables and assign them     $_SESSION['MM_Username'] = $loginUsername;     $_SESSION['MM_UserGroup'] = $loginStrGroup;           if (isset($_SESSION['PrevUrl']) && true) {       $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];     }     header("Location: " . $MM_redirectLoginSuccess );   }   else {     header("Location: ". $MM_redirectLoginFailed );   } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" [/code]

I have three webpages in my first site that I am having trouble with. The flow of the 3 pages is : Register, then go to Welcome, then go to Login. The Register page has a form with 11 entries. This page is supposed to set a session variable to contain all the input info and use it to populate blanks in the other pages. The welcome page should be able to display username and pw, but just shows up as blank. I eventually want a page where a user can edit their profile (fields from the database). I think everything works except for the session variable, which is supposed to be named UserID (same name as the key database field). Attached is a snippet of the Register user code. I can post the others if needed. [code] <?php require_once('../Connections/con_elders_local.php'); ?> <?php // *** Redirect if username exists $MM_flag="MM_insert"; if (isset($_POST[$MM_flag])) {   $MM_dupKeyRedirect="register_user.php?repeat=true";   $loginUsername = $_POST['username'];   $LoginRS__query = "SELECT username FROM elders1 WHERE username='" . $loginUsername . "'";   mysql_select_db($database_con_elders_local, $con_elders_local);   $LoginRS=mysql_query($LoginRS__query, $con_elders_local) or die(mysql_error());   $loginFoundUser = mysql_num_rows($LoginRS);   //if there is a row in the database, the username was found - can not add the requested username   if($loginFoundUser){     $MM_qsChar = "?";     //append the username to the redirect page     if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";     $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;     header ("Location: $MM_dupKeyRedirect");     exit;   } } function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {   $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;   switch ($theType) {     case "text":       $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";       break;        case "long":     case "int":       $theValue = ($theValue != "") ? intval($theValue) : "NULL";       break;     case "double":       $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";       break;     case "date":       $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";       break;     case "defined":       $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;       break;   }   return $theValue; } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) {   $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "newUser")) { // ob_start()   $insertSQL = sprintf("INSERT INTO elders1 (firstname, lastname, username, password, church, address, city, state, zip, phone, email) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",                        GetSQLValueString($_POST['firstname'], "text"),                        GetSQLValueString($_POST['lastname'], "text"),                        GetSQLValueString($_POST['username'], "text"),                        GetSQLValueString($_POST['password'], "text"),                        GetSQLValueString($_POST['church'], "text"),                        GetSQLValueString($_POST['address'], "text"),                        GetSQLValueString($_POST['city'], "text"),                        GetSQLValueString($_POST['state'], "text"),                        GetSQLValueString($_POST['zip'], "text"),                        GetSQLValueString($_POST['phone'], "text"),                        GetSQLValueString($_POST['email'], "text"));   mysql_select_db($database_con_elders_local, $con_elders_local);   $Result1 = mysql_query($insertSQL, $con_elders_local) or die(mysql_error());   $insertGoTo = "welcome.php";   if (isset($_SERVER['QUERY_STRING'])) {     $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";     $insertGoTo .= $_SERVER['QUERY_STRING'];   }   header(sprintf("Location: %s", $insertGoTo));   //  ob_end_flush() } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" [/code]