SESSION or GET?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
michaeru
Forum Commoner
Posts: 28
Joined: Sun Mar 07, 2010 5:22 pm

SESSION or GET?

Post by michaeru »

Which is better?

This..

Code: Select all

 
 
<a href="forms.php?act=add&cat=venue">Add Venue</a>
 
// Once clicked, will go to the said page and...
URL: forms.php?act=add&cat=venue
<?php
 
  if($_GET['act'] == 'add' && $_GET['cat'] == 'venue') {
 
    // code here
 
  }
 
?>
 
 
Or this..?

Code: Select all

 
 
<a href="controller.php?act=add&cat=venue">Add Venue</a>
 
// Once clicked, will go to the said page and...
URL: controller.php?act=add&cat=venue
<?php
 
  if(isset($_GET['act']) && isset($_GET['cat'])) {
 
    $_SESSION['act'] = $_GET['act'];
    $_SESSION['cat'] = $_GET['cat'];
 
    header('Location: form.php');
 
  }
 
?>
 
// Will be redirected to this page..
URL: form.php
<?php
 
  if($_SESSION['act'] == 'add' && $_SESSION['cat'] == 'venue') {
 
    // code here
 
  }
 
?>
 
 
Where am I getting at? I want the URL to be secure from manipulation. The site I am making should prevent users from jumping or skipping pages.
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: SESSION or GET?

Post by Darhazer »

Both urls are manipulated in exactly the same way - changing the value of act and cat parameter.
Instead of trying to harder URL manipulation, validate your data. Keep in mind that POST can also be manipulated.
michaeru
Forum Commoner
Posts: 28
Joined: Sun Mar 07, 2010 5:22 pm

Re: SESSION or GET?

Post by michaeru »

Okay then, If I were to use one of the above codes, which one will you prefer? Using GET or SESSION to hold the act and cat values?

And, your point is that we validate the data sent instead of trying to prevent the data from being changed?
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: SESSION or GET?

Post by Darhazer »

michaeru wrote:Okay then, If I were to use one of the above codes, which one will you prefer? Using GET or SESSION to hold the act and cat values?

And, your point is that we validate the data sent instead of trying to prevent the data from being changed?
You are using GET it both cases to pass the values. If you need to save them for later, you can store them in session. If you don't need - do not store them.

GET is a method to pass data to the script. SESSION is a method for storing that data. There cannot be 'or', because those are different things.
michaeru
Forum Commoner
Posts: 28
Joined: Sun Mar 07, 2010 5:22 pm

Re: SESSION or GET?

Post by michaeru »

Thanks.
Post Reply