I was pointing out a naming convention difference. An instance of the CGI module is often named $cgi while $query is often a SQL statement about to be fed to a DBI handle (eg $sth).

If your web server is doing HTTP auth, neither of your scripts needs to ship username information to the other; your server ships it to both of them. If you have use CGI; my $cgi = new CGI; in both scripts, and your server is causing pop-up login/password boxes to allow or reject users from running the scripts, then both scripts can obtain the username of this user by referencing $cgi->remote_user() or $ENV{'REMOTE_USER'}. If your scripts need to track more information than username then cookies or server-side storage (SQL tables keyed on username) are where you'd stuff it. Please ignore another recent thread where additional data is obfuscated and passed to the browser then back to the server via hidden form fields :)