PHP - URL query string parameters vs session variables

不想你离开。 提交于 2020-03-06 09:52:21

问题


Which is the more reliable, better and safer method to use for URL variables passed to different pages: 1). Using SESSION variables as URL parameters, or

2). Regular query string parameters.

"More reliable, better, and safer" with regard to: 1. Preventing problems deriving from the client side, such as when a user disables cookies 2. Browser compatibilities 3. Making API calls (as some API's have limitations and compatibility issues) 4. Resource and memory usage, and processing speed

I'm creating a site where the amount of query string parameters in the URLs may vary (potentially 9 values carried in the URL) - based on user input. It would seem easier to store the variable values in session variables than to carry all of them (possibly 9) in URL parameters. But because of the 4 concerns mentioned above, I'm hesitant to use SESSION variables.

Thanks for any advice!

PS. The URL parameters are being built dynamically into the $url variable, like this:

$keyword = trim($_GET["Keyword"]);

$url = "webpage.php?";
$url .= "&Keyword=$keyword";

$shopByStore = $_GET["store"];
if (!empty($shopByStore)) {
$url .= "&store=$shopByStore";
}
// with 7 more GET methods potentially retrieving values for the URL parameters 

The URL's will look like this:

<a href="<?php echo $url; ?>">anchor text</a><br>

And of course if I go the SESSION variable route, user input values would be obtained from URL clicks and stored in SESSION variables until the session is over.

if (isset($_GET["store"])) {
$_SESSION["shopByStore"] = $_GET["store"];
}  

回答1:


Of course it is possible to save for example a submitted keyword for a search in a session variable.

But is it useful? No.

The session variable will forget everything, when the session get's destroyed. Maybe the user wants to save the search or give them to another user?

With GET-parameters it is not problem, just copy the full URL and safe it.

But with SESSION parameters? Not possible. Each user has it's own session and the next time the user visits the site, he will get another session (for example if the users closed the browser before).

In sessions you should only store user specific information. For example the userid, username or basket items.

That are only some points for SESSION vs GET.



来源:https://stackoverflow.com/questions/23012748/php-url-query-string-parameters-vs-session-variables

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!