PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable


Question

One thing I've started doing more often recently is retrieving some data at the beginning of a task and storing it in a $_SESSION['myDataForTheTask'].

Now it seems very convenient to do so but I don't know anything about performance, security risks or similar, using this approach. Is it something which is regularly done by programmers with more expertise or is it more of an amateur thing to do?

For example:

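if (!isset($_SESSION['dataentry']))
{
    // Bind wave_id as a parameter ($db is used as a mysqli connection here).
    // mysql_real_escape_string() belongs to the removed mysql extension and
    // does not protect a value that is placed in the query without quotes.
    $stmt_taskinfo = $db->prepare("SELECT participationcode, modulearray, wavenum FROM mng_wave WHERE wave_id = ?");
    $stmt_taskinfo->bind_param("s", $_GET['wave_id']);
    $stmt_taskinfo->execute();
    $result_taskinfo = $stmt_taskinfo->get_result();
    $row_taskinfo = $result_taskinfo->fetch_row();

    // Keep the task data in the session so later requests skip the query.
    $dataentry = array("pcode" => $row_taskinfo[0], "modules" => $row_taskinfo[1], "data_id" => 0, "wavenum" => $row_taskinfo[2], "prequest" => FALSE, "highlight" => array());

    $_SESSION['dataentry'] = $dataentry;
}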

Recommended answer

Well, session variables are really one of the only ways (and probably the most efficient) of having these variables available for the entire time that the visitor is on the website. There's no real way for a user to edit them (other than an exploit in your code, or in the PHP interpreter), so they are fairly secure.

It's a good way of storing settings that can be changed by the user, as you can read the settings from the database once at the beginning of a session and they are available for that entire session. You only need to make further database calls if the settings are changed and, of course, as you show in your code, it's trivial to find out whether the settings already exist or whether they need to be extracted from the database.

I can't think of any other way of storing temporary variables securely (since cookies can easily be modified and this will be undesirable in most cases), so $_SESSION would be the way to go.
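
An added example, not part of the original question or answer: $_SESSION data stays on the server and the browser holds only the session ID cookie, so this code hardens that cookie and ties the cached entry to the requested wave_id with an expiry, so a request for a different wave does not reuse stale data. It assumes `$db` is a mysqli connection and that wave_id is numeric; `load_task_data()`, `TASK_CACHE_TTL` and the extra `wave_id` / `loaded_at` keys are hypothetical.

```php
<?php
// Added example. Assumptions: $db is an open mysqli connection, wave_id is numeric.
session_start([
    'use_strict_mode' => true,   // reject session IDs the server did not issue
    'cookie_httponly' => true,   // keep the session ID away from page scripts
    'cookie_secure'   => true,   // send the session cookie over HTTPS only
    'cookie_samesite' => 'Lax',
]);

const TASK_CACHE_TTL = 900; // seconds; constructed value

// Hypothetical helper: return the cached task data, or reload it from the database.
function load_task_data(mysqli $db, string $waveId): ?array
{
    $cached = $_SESSION['dataentry'] ?? null;

    // Reuse the cached entry only if it belongs to this wave and is still fresh.
    if (is_array($cached)
        && ($cached['wave_id'] ?? null) === $waveId
        && time() - ($cached['loaded_at'] ?? 0) < TASK_CACHE_TTL) {
        return $cached;
    }

    $stmt = $db->prepare(
        "SELECT participationcode, modulearray, wavenum FROM mng_wave WHERE wave_id = ?"
    );
    $stmt->bind_param("s", $waveId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_row();
    if ($row === null) {
        unset($_SESSION['dataentry']);   // unknown wave: drop any stale entry
        return null;
    }

    $_SESSION['dataentry'] = [
        'wave_id' => $waveId, 'loaded_at' => time(),
        'pcode' => $row[0], 'modules' => $row[1], 'data_id' => 0,
        'wavenum' => $row[2], 'prequest' => false, 'highlight' => [],
    ];
    return $_SESSION['dataentry'];
}

// Validate the request parameter before it reaches the query or the session.
$waveId = $_GET['wave_id'] ?? '';
$dataentry = (is_string($waveId) && ctype_digit($waveId))
    ? load_task_data($db, $waveId)
    : null;
```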
