PHP合并$ _ POST到$ _SESSION [英] PHP merge $_POST into $_SESSION

问题描述

有没有办法采取$ _POST数据数组，并将其合并到$ _SESSION数组。我希望它保持当前的数据完​​好无损，只插入新的数据或更新已更改的作品。我试过array_merge但它并没有做什么，我一直在寻找。

感谢

解决方案

 的foreach（$ _ POST为$关键=＆GT; $ VAL）{
    如果（！使用isset（$ _ SESSION [$关键]）||（$ VAL！== $ _SESSION [$关键]））{
        $ _SESSION [$关键] = $ VAL;
    }
}
 

总之，如果当前感考虑的POST键值没有在SESSION ARRA一个相应的条目，或这两个值不同，则POST数据复制到会议

但是，要知道，这将允许恶意用户覆盖整个会话数组。如果他们知道你保持 $ _ SESSION ['is_admin'] 标记，它们可以用平凡适当的值覆盖它，并给自己的超级用户权限。

+直接一味用户提供的数据转移到会话变量从来都不是一个好主意。

Is there a way to take the $_POST data array and merge it into the $_SESSION array. I want it to keep the current data intact and only insert new data or update the pieces that have been changed. I've tried array_merge but it didn't do what I was looking for.

Thanks

解决方案

foreach ($_POST as $key => $val) {
    if (!isset($_SESSION[$key]) || ($val !== $_SESSION[$key])) {
        $_SESSION[$key] = $val;
    }
}

in short, if the currently-being-considered POST key value doesn't have a corresponding entry in the SESSION arra, or the two values differ, then copy the POST data to SESSION.

However, be aware that this would allow malicious users to overwrite the entire session array. If they know that you keep a $_SESSION['is_admin'] flag, they can trivially overwrite it with an appropriate value and give themselves superuser powers.

Directly+blindly transferring user-provided data into the session variable is NEVER a good idea.

这篇关于PHP合并$ _ POST到$ _SESSION的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！