What are common pitfalls when trying to store form data in sessions in PHP?

One common pitfall when storing form data in sessions in PHP is not properly sanitizing and validating the data before storing it. This can lead to security vulnerabilities and data integrity issues. To solve this, always sanitize and validate form data before storing it in sessions.

// Sanitize and validate form data before storing in session
if ($_SERVER[&quot;REQUEST_METHOD&quot;] == &quot;POST&quot;) {
    $name = filter_var($_POST[&#039;name&#039;], FILTER_SANITIZE_STRING);
    $email = filter_var($_POST[&#039;email&#039;], FILTER_VALIDATE_EMAIL);

    if ($name &amp;&amp; $email) {
        session_start();
        $_SESSION[&#039;name&#039;] = $name;
        $_SESSION[&#039;email&#039;] = $email;
        header(&quot;Location: success.php&quot;);
        exit;
    } else {
        echo &quot;Invalid form data&quot;;
    }
}

Keywords

session_start $_SESSION serialization unserialize data loss

What are common pitfalls when trying to store form data in sessions in PHP?

Keywords

Related Questions