dongzi0850 2016-04-05 22:07
浏览 51
已采纳

使用超全局$ _SESSION变量验证表单是否安全?

I have a form and when I submit it, I do an AJAX call to my server. On the server-side, I verify the informations by comparing them with some variables in the superglobale $_SESSION like below : 

HeCanBuyIt = $ajaxData->priceProduct <= $_SESSION["user"]->moneyOfUser;

I am not sure if it is safe or not to do that (Can the user change the "moneyOfUser" variable in his session?).

I can also read the user from the database but it cost the time of a SELECT... I know it's not so slow but I prefer the fastest way.

  • 写回答

1条回答 默认 最新

  • doudu2515 2016-04-05 22:15
    关注

    All values in the $_SESSION variable are stored only on the server. The client is only given a session ID, which is stored in a cookie in their browser. There is no way for a user to view or manipulate the values in their $_SESSION unless you have explicitly coded that into your program.

    See also: How do PHP sessions work? (not "how are they used?")

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测