How can I secure the data that my session posts so that to reduce injections?
Is there perhaps something I need to add when I use $_SESSION[''] = $var; or when I retrieve the data by $var = $_SESSION[''];?
How can I secure the data that my session posts so that to reduce injections?
Is there perhaps something I need to add when I use $_SESSION[''] = $var; or when I retrieve the data by $var = $_SESSION[''];?
What do you mean by secure? It depends on what you are going to eventually do with the data and the origin of the data, and in that case it doesn't vary from what you do for other variables. If you are planning on displaying the data on the $_SESSION
array, you should escape it with htmlentities
or htmlspecialchars
to prevent XSS, etc. If you are using the data in the $_SESSION
array in a query, you should mysql_real_escape_string
it (or, even better, use bound parameters) to prevent injection. If you have full control of the data that is going into the $_SESSION
, then there's not much to worry about.