[eluser]Mark van der Walle[/eluser]
Was not pointing any blame just trying to help the topic starter. Also you should always have a way to identify your users. An autoincrent works quite nicely. You could when logging in also set this ID in the session. That way you have two things:
* A way to check if someone is logged in and thus allowing certain actions
* A way to identify that user with his ID. You can use this ID in all queries where crud actions on the user record is done.