Eric is right in terms of ACTUALLY passing values client-side. As a rule of thumb that's sloppy/insecure and why it's best to only pass one value -- a PHPSESSID cookie (used by PHP Sessions) or your own hash for database driven sessions. Apart from that you shouldn't be passing 'variables' client side in the first place. Though a LOT of your scripttards don't entirely grasp that concept. I was cleaning up a system a couple years ago that BLEW MY MIND how ridiculously bad it was given it was passing hashed versions of the SQL username, password and host as hidden fields. HERPAFREAKINGDERP. That's dumber than putting them in DEFINE.