dongzi0850 2016-04-05 22:07

Is it safe to validate a form using the superglobal $_SESSION variable?

I have a form and when I submit it, I do an AJAX call to my server. On the server side, I verify the information by comparing it with some variables in the superglobal $_SESSION like below:

$HeCanBuyIt = $ajaxData->priceProduct <= $_SESSION["user"]->moneyOfUser;

I am not sure if it is safe or not to do that (Can the user change the "moneyOfUser" variable in his session?).

I can also read the user from the database but it costs the time of a SELECT... I know it's not so slow but I prefer the fastest way.

1 answer

  • doudu2515 2016-04-05 22:15

    All values in the $_SESSION variable are stored only on the server. The client is only given a session ID, which is stored in a cookie in their browser. There is no way for a user to view or manipulate the values in their $_SESSION unless you have explicitly coded that into your program.

    See also: How do PHP sessions work? (not "how are they used?")

    This answer was selected by the asker as the best answer.
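
An added example, not part of the original answer: the balance held in $_SESSION stays on the server, but in the question's check the price arrives in the AJAX payload, which the client does control. The sketch below looks the price up on the server instead; `canBuy`, `productId`, `PRICES_CENTS` and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed server-side price list (hypothetical; in practice a database table).
const PRICES_CENTS = ['sku-100' => 1500, 'sku-200' => 9900];

/**
 * Decide whether the logged-in user can afford a product.
 * $session stands in for $_SESSION; $rawBody is the untrusted AJAX payload.
 */
function canBuy(array $session, string $rawBody): bool
{
    $data = json_decode($rawBody);
    // Reject malformed bodies or a missing/non-string product id.
    if (!is_object($data) || !isset($data->productId) || !is_string($data->productId)) {
        return false;
    }
    // The price is looked up on the server; any priceProduct field the
    // client sent is ignored, because the client controls the request body.
    $price = PRICES_CENTS[$data->productId] ?? null;
    if ($price === null) {
        return false;
    }
    // The balance comes from the session, which is stored on the server.
    $user = $session['user'] ?? null;
    if (!is_object($user) || !isset($user->moneyOfUser) || !is_int($user->moneyOfUser)) {
        return false;
    }
    return $price <= $user->moneyOfUser;
}

// Constructed sample session: a user holding 20.00, stored in cents.
$session = ['user' => (object) ['moneyOfUser' => 2000]];

// Case 1: a product the user can afford.
var_dump(canBuy($session, '{"productId":"sku-100"}'));
// Case 2: the payload claims a price of 1 for the 99.00 product.
var_dump(canBuy($session, '{"productId":"sku-200","priceProduct":1}'));
// Case 3: unknown product id.
var_dump(canBuy($session, '{"productId":"sku-999"}'));
// Case 4: no logged-in user in the session.
var_dump(canBuy([], '{"productId":"sku-100"}'));
```

The balance cached in the session can go stale if it changes elsewhere, so the final debit should still be checked against the database.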