PHP-URL查询字符串参数与会话变量 [英] PHP - URL query string parameters vs session variables
问题描述
哪种方法更可靠,更好,更安全,可用于传递给不同页面的URL变量: 1).使用SESSION变量作为URL参数,或
Which is the more reliable, better and safer method to use for URL variables passed to different pages: 1). Using SESSION variables as URL parameters, or
2).常规查询字符串参数.
2). Regular query string parameters.
关于以下方面的更可靠,更好和更安全": 1.防止源于客户端的问题,例如当用户禁用cookie时 2.浏览器兼容性 3.进行API调用(因为某些API具有局限性和兼容性问题) 4.资源和内存使用情况以及处理速度
"More reliable, better, and safer" with regard to: 1. Preventing problems deriving from the client side, such as when a user disables cookies 2. Browser compatibilities 3. Making API calls (as some API's have limitations and compatibility issues) 4. Resource and memory usage, and processing speed
我正在创建一个站点,其中URL中的查询字符串参数的数量可能会有所不同(URL中可能包含9个值)-基于用户输入.将变量值存储在会话变量中似乎比将所有变量(可能是9个)携带在URL参数中要容易得多.但是由于上述4个问题,我不愿意使用SESSION变量.
I'm creating a site where the amount of query string parameters in the URLs may vary (potentially 9 values carried in the URL) - based on user input. It would seem easier to store the variable values in session variables than to carry all of them (possibly 9) in URL parameters. But because of the 4 concerns mentioned above, I'm hesitant to use SESSION variables.
感谢您的任何建议!
PS. URL参数是动态构建的 放入$ url变量,如下所示:
PS. The URL parameters are being built dynamically into the $url variable, like this:
$keyword = trim($_GET["Keyword"]);
$url = "webpage.php?";
$url .= "&Keyword=$keyword";
$shopByStore = $_GET["store"];
if (!empty($shopByStore)) {
$url .= "&store=$shopByStore";
}
// with 7 more GET methods potentially retrieving values for the URL parameters
URL如下所示:
<a href="<?php echo $url; ?>">anchor text</a><br>
当然,如果我走SESSION变量路线,则可以从URL单击获得用户输入值,并将其存储在SESSION变量中,直到会话结束.
And of course if I go the SESSION variable route, user input values would be obtained from URL clicks and stored in SESSION variables until the session is over.
if (isset($_GET["store"])) {
$_SESSION["shopByStore"] = $_GET["store"];
}
推荐答案
当然,可以在会话变量中保存例如用于搜索的提交关键字.
Of course it is possible to save for example a submitted keyword for a search in a session variable.
但这有用吗?否
当会话被销毁时,会话变量将忘记所有内容.也许用户想要保存搜索或将其提供给其他用户?
The session variable will forget everything, when the session get's destroyed. Maybe the user wants to save the search or give them to another user?
使用GET参数没问题,只需复制完整的URL并确保其安全.
With GET-parameters it is not problem, just copy the full URL and safe it.
但是带有SESSION参数吗?不可能.每个用户都有自己的会话,下次用户访问该网站时,他将获得另一个会话(例如,如果用户之前关闭了浏览器).
But with SESSION parameters? Not possible. Each user has it's own session and the next time the user visits the site, he will get another session (for example if the users closed the browser before).
在会话中,您应该只存储特定于用户的信息.例如,用户ID,用户名或购物篮项目.
In sessions you should only store user specific information. For example the userid, username or basket items.
对于SESSION和GET来说,只有几点.
That are only some points for SESSION vs GET.
这篇关于PHP-URL查询字符串参数与会话变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
