NYCPHP Meetup

[nycphp-talk] Multipage forms -- sessions or hidden variables

jface at mercenarylabs.com jface at mercenarylabs.com
Thu Sep 7 20:43:56 EDT 2006


I'm admittedly not so well-versed on security issues, but why not hash the CC# (with crypt() or something similar) and store it in sql temporarily? You could store the corresponding sql key id in the session.

On Thu, 07 Sep 2006 20:25:40 -0400, Rolan Yang <rolan at omnistep.com> wrote:
> In my experience, storing/passing all variables via server-side sessions 
> with a mysql based session handler simplifies many things.
> 
> ~Rolan
> 
> Cliff Hirsch wrote:
>>
>> I’m working on a simple multi-page shopping cart. Any thoughts on the 
>> merits of hidden variables versus session variables for moving between 
>> pages. I don’t want to use a hidden variable for a CC #, unless ever 
>> page is secure. Even than, it seems like a poor idea. And I am 
>> interested in minimizing the session load, which translates to extra 
>> DB load. Thoughts?
>>
>> Cliff
>>
>> _______________________________
>> *Pinestream Communications, Inc.*
>> Publisher of /Semiconductor Times/ & /Telecom Trends/
>> 52 Pine Street, Weston, MA 02493 USA
>> Tel: 781.647.8800, Fax: 781.647.8825
>> http://www.pinestream.com <http://www.pinestream.com/>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>   
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php




More information about the talk mailing list