Is it necessary to clear a session before using them?

I always apply a cleaning method to session values before using them, for example,

mysql_real_escape_string($_SESSION['username']);

A session associates only an identifier with a physical file that is stored on the server. How can this session be used on the client side to commit malicious activity? Is it necessary to clear a session before using it?

+3
2 answers

If you are reading user input from a session, then you must sanitize it. If the user cannot influence the value (possibly a timestamp), there is no need to check it.

, , . html SQL. HTML-, htmlspecialchars(), MySQL MySql, mysql_real_escape_string().

+1
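The first answer's point, that a session value is only as trustworthy as where it came from and must be escaped for the context in which it is used rather than "cleaned" once when read, as an added PHP example that is not part of the original thread. It simulates the session array instead of calling session_start(), assumes the pdo_sqlite extension is available, and uses a PDO prepared statement for the SQL context where the answer names mysql_real_escape_string().

```php
<?php
// Added example, not code from the original thread.
// $_SESSION['username'] was copied from $_POST at login, so it is user input;
// $_SESSION['login_time'] was set by the server and never touched the client.
declare(strict_types=1);

// Constructed sample: what a login handler would have stored (no session_start()).
$_SESSION = [
    'username'   => "o'brien<script>alert(1)</script>", // attacker-controlled
    'login_time' => 1700000000,                         // server-generated
];

// Context 1: HTML output. Escape at the point of output, not before storage.
function renderGreeting(string $username): string
{
    return '<p>Hello, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Context 2: SQL. The mysql_* extension named in the answer no longer exists in
// current PHP; a prepared statement keeps the value as bound data, so it is never
// parsed as part of the query text.
function findUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo against an in-memory SQLite database (assumption: pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->prepare('INSERT INTO users (username) VALUES (?)')
   ->execute([$_SESSION['username']]);

// The hostile-looking username is rendered inert in HTML and matched literally in SQL.
echo renderGreeting($_SESSION['username']), PHP_EOL;
var_dump(findUser($db, $_SESSION['username']));

// The timestamp never came from the client, so it needs no sanitizing for this use.
echo 'Logged in at ', date('c', $_SESSION['login_time']), PHP_EOL;
```

The same value needs different treatment in each context, which is why a single "clean" pass when reading the session, as in the question, does not replace escaping at the point of use.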

mysql_real_escape_string MySQL.

, , ? , , .

, , /.

0
