1

另一个,也许是傻瓜,问题。我正在制作一个网站,现在我在$_SESSION直接从表本身请求用户数据之间进退两难。所以,我现在的两个想法:

  1. 从 mySQL 中检索所需的值,然后将它们设置为$_SESSION数组。所以,当我需要一些东西时,我可以打电话给$_SESSION["username"]. 它也有一些缺点。例如,如果管理员更改了一些用户数据,即用户名(这是一个蹩脚的例子,但仍然如此)。
  2. 直接从 SQL 中检索值。在这种情况下,我可以调用一些调用 SQL 查询并给我结果的函数。

所以,问题是,哪种方法更适合使用,或者您可以建议任何替代方法。

谢谢。

4

2 回答 2

2

For frequently-used data but relatively unchanging data, such as names ("Hello, $firstname, welcome back") that would be used on every page request, you probably should cache them in the session. The slight additional parsing/loading overhead will be far less than having to yank that data out of the DB each time.

For relatively critical data, e.g. 'account is disabled', you may want to hit the database each time. However, this would depend on your security needs. If it's ok for a banned user to be able to wander around your system for a short period after their account is disabled, you can implement a time-out counter in the session, e.g. after every 50 hits, you refresh the data in the session regardless.

于 2012-08-17T19:40:36.097 回答
1

不要在 SESSION 中保留用户名,而是保留用户 ID,并且不要让管理员更改用户 ID。创建帐户后,不应修改其用户 ID。并为每个页面加载检查数据库中的内容。

于 2012-08-17T19:37:37.460 回答