PHP: Should I run queries on every page to fetch user information from MYSQL?

Question

Just looking for some 'best practice advice', I'm currently using PHP / MySQL for a website for my University Final Year project.

On each page it will display the username and email address of the user and will display certain options depending on the rank of the user (also defined in MySQL database).

Should I be querying the MySQL database every time with 'SELECT' statements to fetch information about the user or is there a more efficient (yet still secure) method for this?

I have heard of session variables but not sure how secure this would be for storing user rank levels and whether it's a good idea to store 10+ things in the session variable or not.

don't store plain text passwords, and important user info such as credit card numbers etc... then it is secure. [here's a nice read](http://stackoverflow.com/questions/1181105/how-safe-are-php-session-variables) — CodeBird, Mar 29 '14 at 20:13

score 0 · Accepted Answer · answered Mar 29 '14 at 20:13

0

The best way to achieve is this by using sessions.

You can create the sessions while the user logs in, and destroy the session when the user logouts. For your requirement I dont think there is any security concerns.

answered Mar 29 '14 at 20:13

haris

3,775
1
25
28

score 0 · Answer 2 · answered Mar 29 '14 at 20:14

Page1.php

<?php
session_start();

//run the select query (SELECT name,rank FROM TABLE)
//Here is the result array

$_SESSION['users'] = $array;

Now you can use $_SESSION['users'] in the page2.php.

Page2.php

    <?php
    session_start();

$_SESSION['users'] // Do whatever with this variable

how secure this?

Use session_destroy() if you don't need to get information again

PHP: Should I run queries on every page to fetch user information from MYSQL?

2 Answers2