dongzi0850 2016-04-05 22:07
浏览 51
已采纳

使用超全局$ _SESSION变量验证表单是否安全?

I have a form and when I submit it, I do an AJAX call to my server. On the server-side, I verify the informations by comparing them with some variables in the superglobale $_SESSION like below : 

HeCanBuyIt = $ajaxData->priceProduct <= $_SESSION["user"]->moneyOfUser;

I am not sure if it is safe or not to do that (Can the user change the "moneyOfUser" variable in his session?).

I can also read the user from the database but it cost the time of a SELECT... I know it's not so slow but I prefer the fastest way.

  • 写回答

1条回答 默认 最新

  • doudu2515 2016-04-05 22:15
    关注

    All values in the $_SESSION variable are stored only on the server. The client is only given a session ID, which is stored in a cookie in their browser. There is no way for a user to view or manipulate the values in their $_SESSION unless you have explicitly coded that into your program.

    See also: How do PHP sessions work? (not "how are they used?")

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 做个有关计算的小程序
  • ¥15 MPI读取tif文件无法正常给各进程分配路径
  • ¥15 如何用MATLAB实现以下三个公式(有相互嵌套)
  • ¥30 关于#算法#的问题:运用EViews第九版本进行一系列计量经济学的时间数列数据回归分析预测问题 求各位帮我解答一下
  • ¥15 setInterval 页面闪烁,怎么解决
  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化