redgorilla

[!--quoteo(post=373080:date=May 10 2006, 11:29 PM:name=Buyocat)--][div class=\'quotetop\']QUOTE(Buyocat @ May 10 2006, 11:29 PM) [snapback]373080[/snapback][/div][div class=\'quotemain\'][!--quotec--] Red, could you be more clear? Do you mean that you want to store in a user session everyone's information? More likely, you mean you want to store everyone's information in a database and store a user's specific information in a session/cookie. But out of curiousity why do you want it to be "so secure"? I don't think adding more to a session will make things any more secure, and some things, such as IP address, will just make more trouble for yourself. Most likely, just the user id will be enough and you can query the database to confirm the user and his information at the beginning of each page if you are worried. [/quote] As i said it's paranoia :-). I just want to store unique code both in session and in cookies and compare it with value that stored in db. Or i should not use cookie at all for current use info?

Hello. I have some experience in php and have just started writing of my own first medium sized script. I have used some ready classes but decided to make my own secure class and improve it later. So the most important part is security issue. I decided to make paranoiac class that will store unique created id in sessions, cookies and database both with user ip. So i think it will protect from stealing session and cookies. Is it paranoia or it will work?

Also is pear protect from sql injection? I really don't sure should i use it or not. I will use MySQL 100%, so no other databases. I think using different database type is strongest side of Pear DB abstract layer. There are a lot of programmers here that developed big projects i think so please advice what do you use to handle database connection.

Is pear db class faster then core php mysql function? Does anyone have some comparison of this 2 option?

Hi. I have started right now my first medium sized project in PHP/MySQL and have following questions. Should i use pear extension to handle db transaction. Is it faster and more secure then write simple db handling class or use existing on? Please advice to rookie - i don't want waste time inventing one more bicycle:-)