What is the best way to pass variables between pages? I was looking at this site: http://mrarrowhead.com/index.php?page=php_passing_variables.php, and thought maybe sessions? And then to secure it, just delete (or remove) the sessions after you are done doing whatever to the data.
If you need the page to be linkable, with the parameters provided by the passed variables, then you should use the GET super global. There are also times when it makes sense to use both sessions and GET together.
I usually only use sessions in password protected areas, or in registration forms.
The session id is automatically destroyed when the page is closed, but you can also force it to be destroyed or reset.
So SQL injection (besides using mysql_real_escape_string on the sending page) shouldn't be an issue? For posting a topic on a discussion board, it should work fine? Any security issues that need to be considered?
What about logging in? Let's say I have a toolbar with a login. Then I would need to run the credentials against the login page? Or could I do it on that same page? Also, if they are wrong, I would have to re-direct them to the login page to try again. What would be the best way to do this?
For logging in, use sessions. GET would not make sense. Also, the David Powers book "PHP Solutions" has nice log-in example code. It culminates at the last chapter. It isn't "ready to go" in that you will need to refine it to your needs, but it is definitely a nice place to start. You will see that his example code handles your questions. If someone tries to access a protected page, they get bounced to the log-in page, and if they fail the log-in credentials, they will get the log-in screen again, with a friendly error message.
If you get the Powers book, make sure you get the second edition. I have not seen the first edition, but I will guess that it doesn't use SQLi and PDO in the examples, which the second edition does.
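
The log-in flow discussed in this thread (POST the credentials, check them with a PDO prepared statement, keep the result in the session, redisplay the form with an error on failure), as an added example that is not from any poster or from the Powers book. The file names `login.php` and `members.php`, the `users` table with its columns, and the sample user are assumptions made for illustration.

```php
<?php
// login.php (added example; file, table and column names are assumptions)
// At the top of each protected page (hypothetical members.php), bounce visitors who are not logged in:
//   session_start();
//   if (!isset($_SESSION['user_id'])) { header('Location: login.php'); exit; }
session_start();

// Constructed sample data: in-memory SQLite with one user, so the script runs
// without a database server. Replace with your real DSN and user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Returns the user id on success, null on failure.
function check_credentials(PDO $db, string $username, string $password): ?int
{
    // Prepared statement: the username is bound as data, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row !== false && password_verify($password, $row['password_hash'])) {
        return (int) $row['id'];
    }
    return null;
}

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    // Reject non-string input (e.g. username[]=x) before it reaches the query.
    $userId = (is_string($username) && is_string($password))
        ? check_credentials($db, $username, $password) : null;
    if ($userId !== null) {
        session_regenerate_id(true);      // fresh session id after login (session fixation defence)
        $_SESSION['user_id'] = $userId;
        header('Location: members.php');
        exit;
    }
    // Same message for unknown user and wrong password, so the form does not reveal which one failed.
    $error = 'The username or password was not recognised. Please try again.';
}
?>
<form method="post" action="login.php">
  <?php if ($error !== ''): ?><p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p><?php endif; ?>
  <label>Username <input name="username"></label>
  <label>Password <input name="password" type="password"></label>
  <button type="submit">Log in</button>
</form>
```

A log-in box in a toolbar can post to the same `login.php`, so the credential check lives in one place.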