mardi 5 avril 2016

Is it safe to verify a form with the superglobal $_SESSION variable?

First, sorry for my possible bad english.

My question : I have a form and when I submit it, I do an AJAX call to my server. On the server-side, I verify if the informations by comparing them with some variables in the superglobale $_SESSION like below :

HeCanBuyIt = $ajaxData->priceProduct <= $_SESSION["user"]->moneyOfUser;

I am not sure if it is safe or not to do that (Can the user change the "moneyOfUser" variable in his session ?). I can also read the user from the database but it cost the time of a SELECT... I know it's not so slow but I prefer the fastest way.

Thank you ladies and gentlemen.




Aucun commentaire:

Enregistrer un commentaire