tags:

views:

20

answers:

2
Q: 

php request/post/get/session expiration

I know a SESSION can expire but what about $_REQUEST/$_POST/$_GET variables?

My question is, I have users that submit information and I need to set a Id for that information before I insert it into a database. Now I thought about using a SESSION but the problem is if the session expires before the user has submitted the information to the database they loose the Id I need. Would passing it the $_REQUEST/$_POST/$_GET variable(s) be a better solution or should I just use a variable and readjust the script?

Also I was using SESSION as it's very easy to call from inside a function without passing it in.

function setInfo() {
   // no need to pass I can call from within
   $Id = $_SESSION['Id'];
}

Is this good practice?

EDIT: Would this be better as a cookie?

A: 

You can use a hidden field in the form, and store the the value of hidden field in database ("maybe or very probably" you will need a separate table for this). When user submits the form you check that the submitted value for hidden var exists in the database.

When the request from particular value is processed, delete it from database.

Ashwini Dhekane  2010-10-04 14:33:38
I wouldn't recommend that as a basis of security. Even if the field is hidden, I can still manipulate it on the client side. it would help in keeping the data there for the life of the form, but it wouldn't amount to security.
FatherStorm  2010-10-04 14:39:18
+1  A: 

My first question would be, are you not able to insert a row and retrieve a auto-incrementing ID with @@IDENTITY?. you can't really "Store" data in $_REQUEST, $_POST or $_GET, that data is only there from when the client submits a page, form, link request to the server to when you finish and send to output the resulting page. Either way, you would most likely use the $_SESSION space to store the info that needs to be carried to other pages.

FatherStorm  2010-10-04 14:37:33
This is what I'm doing now but running into the problem of users session expiring. That causes the id to be reset and a new id is issued. I was using SESSION to hold the pre-fetched database record Id as the id
Phill Pafford  2010-10-04 14:45:10
understandable about the $_REQUEST, $_POST or $_GET just looking for another method to store the information if without regenerating the Id on session experation. good tips though thnx
Phill Pafford  2010-10-04 14:49:34

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases