I have a site, where the username is stored in a session variable when they are logged in, I am wondering is it safe to make queries off of the value stored in this session variable?
Yes, sessions are stored on the server side.
Instead of saving the user name, you can save the user id (int), so that it takes less space on the server. Remember that you should handle CSRF and session hijacking.
Yes, it is safe. However, always escape any input that goes into a query (the best way is a bound parameter). Never trust any variable explicitly, especially if you can't see directly where it comes from (meaning unless you can scroll up and see $foo = 'bar';). So the better method is to just not trust everything, and you'll be safer in the end...
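The two answers above make two points: key the session by an integer user id, and pass session-derived values into SQL only as bound parameters. The following is an added example illustrating both (not code from the question or either answer, and written in Python with sqlite3 rather than the asker's PHP). The users table, the `session` dictionaries and the function names are all constructed for the demonstration; the interpolated variant is included only to show why the bound variant is the one to use.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the site's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (id, username, email) VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.test"), (2, "bob", "bob@example.test")],
    )
    return conn


def lookup_interpolated(conn, session):
    # The value stored in the session becomes part of the SQL text itself,
    # so whatever ended up in the session (legitimately or not) can change
    # the shape of the query. This is the pattern the second answer warns against.
    sql = "SELECT id, username, email FROM users WHERE username = '%s'" % session["username"]
    return conn.execute(sql).fetchall()


def lookup_bound(conn, session):
    # Bound parameter: the driver sends the value separately from the query
    # text, so it can only ever be compared as a literal string.
    return conn.execute(
        "SELECT id, username, email FROM users WHERE username = ?",
        (session["username"],),
    ).fetchall()


def lookup_by_id(conn, session):
    # The first answer's suggestion: keep an integer user id in the session.
    # Type-checking it here documents the assumption that only an int is ever stored.
    user_id = session["user_id"]
    if not isinstance(user_id, int):
        raise TypeError("session user_id must be an int")
    return conn.execute(
        "SELECT id, username, email FROM users WHERE id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_bound(db, {"username": "alice"}))
    print(lookup_by_id(db, {"user_id": 2}))
```

Running the same lookups with a username value containing a quote shows the difference: `lookup_interpolated` returns rows the session owner has no claim to, while `lookup_bound` simply finds no user with that literal name. The id-based lookup sidesteps the string handling entirely, which is why it is the better thing to keep in the session.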