What is the correct way to store a value that was sent from browser into $_SESSION?

Question

So I want to retrieve the data stored in a <input type='text'> tag, and then store it in the $_SESSION array on my server.

I'm using a method of sending a GET request with ajax, then assign the value from $_GET to $_SESSION, so I can use the session value later.

The AJAX get request:

var xhttp = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP');
console.log('Sending email address to system')
xhttp.open('GET','database.php?email='+email_address, false)
xhttp.send()

And then in database.php:

 if(isset($_GET['email'])){
    $_SESSION['email'] = $_GET['email'];
  }

Is there an easier way to do this? Some kind of http request that just stores that data into $_SESSION directly instead of using $_GET? in the middle?

Short answer is No, in fact you are not doing enough, you need to at least sanitize the input and you may consider validating the email and returning an error/success message. — Arleigh Hix, Jun 03 '19 at 04:20

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

0

You might:

start session
do your session saving/updating/chanings
destroy session if necessary or you can set/unset variables

Example

// Maybe, start of index.php
session_start();

if(isset($_GET['email'])){
    $_SESSION['email'] = $_GET['email'];
}


// after everything is over, you may want to destroy it: 
session_destroy();

This post also has some additional info.

edited Jun 20 '20 at 09:12

Community

1
1

answered Apr 28 '19 at 01:13

Emma

27,428
11
44
69

What is the correct way to store a value that was sent from browser into $_SESSION?

1 Answers1

Example