Which is the more reliable, better and safer method to use for URL variables passed to different pages: 1). Using SESSION variables as URL parameters, or
2). Regular query string parameters.
"More reliable, better, and safer" with regard to: 1. Preventing problems deriving from the client side, such as when a user disables cookies 2. Browser compatibilities 3. Making API calls (as some API's have limitations and compatibility issues) 4. Resource and memory usage, and processing speed
I'm creating a site where the amount of query string parameters in the URLs may vary (potentially 9 values carried in the URL) - based on user input. It would seem easier to store the variable values in session variables than to carry all of them (possibly 9) in URL parameters. But because of the 4 concerns mentioned above, I'm hesitant to use SESSION variables.
Thanks for any advice!
PS. The URL parameters are being built dynamically into the $url variable, like this:
$keyword = trim($_GET["Keyword"]);
$url = "webpage.php?";
$url .= "&Keyword=$keyword";
$shopByStore = $_GET["store"];
if (!empty($shopByStore)) {
$url .= "&store=$shopByStore";
}
// with 7 more GET methods potentially retrieving values for the URL parameters
The URL's will look like this:
<a href="<?php echo $url; ?>">anchor text</a><br>
And of course if I go the SESSION variable route, user input values would be obtained from URL clicks and stored in SESSION variables until the session is over.
if (isset($_GET["store"])) {
$_SESSION["shopByStore"] = $_GET["store"];
}
