0

login->purchase->stored data->log out

how to make after user login into user session when he purchase something in this website will store in database

9th Apr 2018, 8:25 PM
wong wei qien
wong wei qien - avatar
1 Answer
0
I wouldn’t recommend using a session variable for purchases since they can be altered by malicious users or MitM or other sniffing attacks. I’d say try just posting the data using AJAX or directly through a POST ($_POST[‘some-form-input-name’]) and having it update in your database. Once it’s updated you could use the session variable to identify if a purchase was successful and match it up with the data from the database. Make sure to run reference checks on your own data and not trust what may be coming from the client side. That’ll save you any headache from people tampering to try and get free stuff. Good luck!
11th Apr 2018, 5:04 PM
Xpl0it
Xpl0it - avatar