One thing I’ve started doing more often recently is retrieving some data at the beginning of a task and storing it in a $_SESSION['myDataForTheTask'].
Now it seems very convenient to do so, but I don’t know anything about performance, security risks or similar, using this approach. Is it something which is regularly done by programmers with more expertise or is it more of an amateur thing to do?
For example:
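```php
// Assumes session_start() has already been called and $db is a mysqli connection.
if (!isset($_SESSION['dataentry'])) {
    // wave_id is bound as an integer parameter: escaping alone does not
    // protect an unquoted value in the SQL string, and
    // mysql_real_escape_string() is not part of mysqli.
    $wave_id = (int) $_GET['wave_id'];
    $stmt_taskinfo = $db->prepare(
        'SELECT participationcode, modulearray, wavenum FROM mng_wave WHERE wave_id = ?'
    );
    $stmt_taskinfo->bind_param('i', $wave_id);
    $stmt_taskinfo->execute();
    $stmt_taskinfo->bind_result($pcode, $modules, $wavenum);

    // Only cache the task data when the wave exists
    if ($stmt_taskinfo->fetch()) {
        $dataentry = array(
            'pcode'     => $pcode,
            'modules'   => $modules,
            'data_id'   => 0,
            'wavenum'   => $wavenum,
            'prequest'  => FALSE,
            'highlight' => array()
        );
        $_SESSION['dataentry'] = $dataentry;
    }
    $stmt_taskinfo->close();
}
```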
Well, session variables are really one of the only ways (and probably the most efficient) of having these variables available for the entire time that the visitor is on the website. There’s no real way for a user to edit them (other than an exploit in your code, or in the PHP interpreter), so they are fairly secure.
It’s a good way of storing settings that can be changed by the user, as you can read the settings from the database once at the beginning of a session and they are available for that entire session. You only need to make further database calls if the settings are changed and, of course, as you show in your code, it’s trivial to find out whether the settings already exist or whether they need to be extracted from the database.
I can’t think of any other way of storing temporary variables securely (since cookies can easily be modified, and this will be undesirable in most cases), so $_SESSION would be the way to go.
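The caching pattern from the question combined with the point made in the answer, as an added example that is not part of the original posts: the session data stays on the server, but the session ID still travels in a cookie, so the session is started with hardened cookie settings, and the cache records which wave_id it was loaded for and when. The function names, the `$loader` callable, the TTL and the sample row are assumptions for illustration; PHP 7.4+ is assumed.

```php
<?php
declare(strict_types=1);

// Start the session with settings that protect the session ID, the one
// value the browser does hold and send back on every request.
function start_hardened_session(): void
{
    session_start([
        'use_strict_mode'  => 1,      // reject session IDs the server did not issue
        'use_only_cookies' => 1,      // never accept the ID from the URL
        'cookie_httponly'  => 1,      // hide the cookie from JavaScript
        'cookie_secure'    => 1,      // send it over HTTPS only
        'cookie_samesite'  => 'Lax',  // PHP 7.3+
    ]);
}

// Return the cached task data for $waveId, reloading it when the cache is
// missing, was loaded for another wave_id, or is older than $ttl seconds.
// $loader is a hypothetical callable standing in for the database query.
function task_data(int $waveId, callable $loader, int $ttl = 300): ?array
{
    $cached = $_SESSION['dataentry'] ?? null;
    $fresh  = is_array($cached)
        && ($cached['wave_id'] ?? null) === $waveId
        && (time() - ($cached['loaded_at'] ?? 0)) < $ttl;
    if ($fresh) {
        return $cached;
    }
    $row = $loader($waveId);
    if ($row === null) {              // unknown wave_id: cache nothing
        unset($_SESSION['dataentry']);
        return null;
    }
    $_SESSION['dataentry'] = $row + ['wave_id' => $waveId, 'loaded_at' => time()];
    return $_SESSION['dataentry'];
}

// Constructed sample row in place of the mng_wave table.
$table  = [7 => ['pcode' => 'ABC', 'modules' => 'm1,m2', 'wavenum' => 2]];
$loader = fn (int $id): ?array => $table[$id] ?? null;

start_hardened_session();
// Validate the request parameter before it is used as a cache or query key.
$waveId = filter_var($_GET['wave_id'] ?? 7, FILTER_VALIDATE_INT);
$data   = is_int($waveId) ? task_data($waveId, $loader) : null;
var_dump($data);
```

Keying the cache on wave_id means a later request with a different wave_id reloads the data instead of reusing what was stored for the first one.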