dadamssg Posted April 2, 2009

I have a small date selection where the user inputs a date. The script calculates the number of days until that date and stores it in a session; it also passes the number through the URL. Example: mysite.php?days=12

I use the session variable right now in my query and do nothing with the $_GET['days']. My question is: should I make sure the session variable is set, and if not, use the $_GET? As in

    if (!isset($_SESSION['days'])) {
        $days = (int) $_GET['days'];
    } else {
        $days = $_SESSION['days'];
    }

and use $days in my query... or is this all unnecessary and I'm having too little faith in session variables?

Yesideez Posted April 2, 2009

As long as you make sure session_start() is at the start of your scripts, I can't see why you can't use session variables alone, although they can (and do) time out, so if the user leaves the PC for some time and comes back later the session variables would have expired.

If you're expecting a number then there's no reason why you can't use intval() to make sure you're definitely getting a number. This helps if the user modifies the session variable/URL to try injection.

    if (!isset($_SESSION['days'])) {
        $days = intval($_GET['days']);
    } else {
        $days = intval($_SESSION['days']);
    }
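
An added example, not part of either post above: one way to write the session-then-URL fallback discussed in this thread so that a missing or non-numeric value is rejected rather than coerced, since intval() turns "12abc" into 12 and "abc" into 0. The function name resolve_days() and the 0 to 3650 range are assumptions.

```php
<?php
// Added example: resolve_days() and the 0..3650 range are assumptions,
// not code from the thread.

/**
 * Return a validated day count, preferring the session value and falling
 * back to the URL parameter. Returns null when neither source holds an
 * integer in range, so the caller can re-prompt instead of querying with 0.
 */
function resolve_days(array $session, array $get, int $max = 3650): ?int
{
    $opts = [
        'options' => ['min_range' => 0, 'max_range' => $max],
        'flags'   => FILTER_NULL_ON_FAILURE,
    ];
    foreach ([$session, $get] as $source) {
        if (!isset($source['days'])) {
            continue; // session expired, or parameter absent from the URL
        }
        // Rejects "12abc", "abc", "-5" and array input such as ?days[]=1.
        $days = filter_var($source['days'], FILTER_VALIDATE_INT, $opts);
        if ($days !== null) {
            return $days;
        }
    }
    return null;
}

// Constructed sample inputs: [session contents, query-string contents].
$cases = [
    'session set'      => [['days' => 12], ['days' => '99']],
    'session expired'  => [[], ['days' => '12']],
    'non-numeric URL'  => [[], ['days' => '12abc']],
    'array in URL'     => [[], ['days' => ['1']]],
    'nothing supplied' => [[], []],
];
foreach ($cases as $label => [$session, $get]) {
    $days = resolve_days($session, $get);
    // intval() of the raw URL value is printed alongside for comparison.
    printf("%-17s intval=%d resolve_days=%s\n", $label,
        intval($get['days'] ?? 0), var_export($days, true));
}
```

In a page, call resolve_days($_SESSION, $_GET) after session_start() and pass the result to the query as a bound integer parameter.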