dsv768456 2018-06-14 09:45
浏览 43

在PHP中,使用会话从mysql数据库安全获取用户信息? [重复]

In php, is using sessions to fetch user info from mysql database safe? or can the sessions be manipulated by users.

Lets look at the following query as an example. 

$query = $this->db->query("SELECT `private_info` FROM users 
                           WHERE user_id='$_SESSION['user_id']'");

If I logged into a website, and my user id was stored in a SESSION, (eg .$_SESSION['user_id'] = 22), can this $_SESSION['user_id'] be manipulated by the user? (eg changing $_SESSION['user_id'] to 100, which is another user's ID).

The php query above is dependent on session[user_id] when fetching user info. Can users manipulate sessions? If they can, what are some alternative that can be used, rather than fetching user info using user_ids stored in sessions?

Also, Im using codeigniter for reference.

Thanks

</div>
  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据
    • ¥15 个人网站被恶意大量访问,怎么办
    • ¥15 Vue3 大型图片数据拖动排序
    • ¥15 Centos / PETGEM
    • ¥15 划分vlan后不通了
    • ¥15 GDI处理通道视频时总是带有白色锯齿
    • ¥20 用雷电模拟器安装百达屋apk一直闪退
    • ¥15 算能科技20240506咨询(拒绝大模型回答)
    • ¥15 自适应 AR 模型 参数估计Matlab程序
    • ¥100 角动量包络面如何用MATLAB绘制