How can I secure the data that my session posts so as to reduce injections?

Is there perhaps something I need to add when I use $_SESSION[''] = $var; or when I retrieve the data by $var = $_SESSION[''];?

+1  A: 

What do you mean by secure? It depends on what you are going to eventually do with the data and the origin of the data, and in that case it doesn't vary from what you do for other variables. If you are planning on displaying the data in the $_SESSION array, you should escape it with htmlentities or htmlspecialchars to prevent XSS, etc. If you are using the data in the $_SESSION array in a query, you should mysql_real_escape_string it (or, even better, use bound parameters) to prevent injection. If you have full control of the data that is going into the $_SESSION, then there's not much to worry about.

Paolo Bergantino
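The point of the answer above is that the same session value needs different handling depending on where it ends up. The following added example (not code from the question or the answer) shows both contexts side by side; it assumes the pdo_sqlite extension so that the query part can run against an in-memory database, and a hypothetical `users` table with `name` and `email` columns.

```php
<?php
// Added example: one session value, handled per output context.
// Assumes pdo_sqlite is available; the `users` table is hypothetical.

session_start();

// Constructed sample: a display name that originally came from user input
// and was stored in the session unmodified (storing raw is fine; escaping
// belongs at the point of use, because each use needs a different escape).
if (!isset($_SESSION['display_name'])) {
    $_SESSION['display_name'] = "<script>alert(1)</script> O'Brien";
}

// 1. HTML output context: escape for HTML right where the value is printed.
//    ENT_QUOTES also escapes single quotes, so the value is safe inside
//    attribute values delimited with either quote style.
function renderGreeting(string $name): string
{
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// 2. SQL query context: bind the value as a parameter. The value never
//    becomes part of the SQL text, so no string escaping is needed at all.
function findUserByName(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users VALUES ('alice', 'alice@example.com')");

echo renderGreeting($_SESSION['display_name']), "\n";   // script tag rendered as text, not executed
var_dump(findUserByName($pdo, $_SESSION['display_name'])); // NULL: no such user; the quote in the name did not break the query
var_dump(findUserByName($pdo, 'alice'));                   // array with alice's row
```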