I am building a session array with 3 information: mail , password and id

Question

0

Asked: May 28, 20262026-05-28T17:26:51+00:00 2026-05-28T17:26:51+00:00

I am building a session array with 3 information: mail , password and id

0

I am building a session array with 3 information: mail, password and id. mail and password i use from the POST. Note that before using the data i use mysql_real_escape_string for the mail and sha1 for the password. But for id I get the value from the database. The question is: Should I do 'id'=>htmlentities($data['ENS_ID']) instead of just 'id'=>$data['ENS_ID'] for security purpose? Sorry if my question makes no sense to you but I am a bit lost with securization. Thank you in advance for your replies. Cheers. Marc

$result = mysql_query("SELECT * FROM ENS_MEMBRES WHERE ENS_MAIL = '$mail' AND ENS_PASS = '$password'");

if(mysql_num_rows($result)==1){

    $data=mysql_fetch_assoc($result);   
    $_SESSION['Auth']=array(
        'mail'=>$mail,
        'password'=>$password,
        'id'=>$data['ENS_ID'],
    );

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-28T17:26:52+00:00

Editorial Team

2026-05-28T17:26:52+00:00Added an answer on May 28, 2026 at 5:26 pm

You can store the ID in your session as as, but whenever you use it in another context, you have to escape it appropriately. That means:

when using in a database query, use prepared statements
when outputting in an HTML page, use htmlspecialchars
when using as part of an url, use (raw)urlencode
when executing external commands, use escapeshellarg, or escapeshellcmd respectively.
…

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am building a session array with 3 information: mail , password and id

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply