A web application consists of a user interface and a server-side program written in a language such as PHP. The PHP program receives values through the user interface, processes them and produces meaningful information as output. Normally the web application receives its input from the user through a user interface created entirely in HTML. When the user completes the data entry and presses the submit button, the data goes to the back-end processing file written in a server-side scripting language such as PHP. This PHP script processes the supplied data and produces the final output to be displayed in the browser. The most important part of the entire process is the data transfer from the HTML file to the PHP script.
There are quite a few methods through which data can be transferred between pages. The most popular and frequently used method is passing variables through the URL. The example below shows how this method works.
Consider the example URL http://somewebsite.com/script.php?id=4&lang=en
In the above example, id and lang are the parameter names, with the respective values 4 and en. These parameters are passed to a PHP script called script.php, which is located in a web domain called somewebsite.com. So if you intend to transfer data to a PHP script located in a web domain, all you have to do is write the parameter names and values after the '?' symbol in the URL. If there is more than one parameter, they are separated by the ampersand '&' symbol. Passed data can be accessed through the superglobal arrays $_GET['variable_name'] (for values in the URL) and $_POST['variable_name'] (for values submitted by a form with the POST method).
But the above method has many limitations, since the values in the URL can be manipulated by users to get access to unauthorized information. So if you want to pass crucial information like user authentication details (username and password), the URL method is not at all effective. To protect such sensitive data, passing parameters by sessions should be preferred. Sessions are a set of temporary variables which store the sensitive information about a user. This information persists in these variables until the browser is closed. Every session is allotted a unique session ID, and this session ID can be passed either through the URL or through cookies.
To start a session, a function called session_start() is used. Once session_start() is executed, a unique session is created and you can assign sensitive values in the PHP script to the newly created session through the PHP superglobal $_SESSION['variable_name']. Consider the following PHP code, which creates a new session and associates the transferred username and password with it:
<?php
// Create a new session (or resume the current one) and store the values in it
session_start();
$_SESSION['username'] = "John";
$_SESSION['password'] = "xyzghj";
?>
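An added example, not part of the original article: a hardened version of the flow described above, in which the URL parameters id and lang are validated and access is decided from the session rather than from a value in the URL. The function names, the language allow-list, the sample users and records, and the HTTPS-only cookie setting are assumptions.

```php
<?php
// Added example (function names, allow-list and sample data are assumptions).
// Validate the id and lang parameters from the example URL before using them.
function read_query(array $get): ?array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $lang = $get['lang'] ?? 'en';
    if ($id === false || !in_array($lang, ['en', 'fr', 'de'], true)) {
        return null; // not a positive integer, or not a known language
    }
    return ['id' => $id, 'lang' => $lang];
}

function start_secure_session(): void
{
    ini_set('session.use_only_cookies', '1'); // never take the session ID from the URL
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

function log_in(string $user, string $pass, array $users): bool
{
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID after a successful login
    $_SESSION['username'] = $user; // store the identity, not the password
    return true;
}

// Authorise from the server-side session, not from a value the user can edit in the URL.
function may_view(int $id, array $owners): bool
{
    return isset($_SESSION['username'], $owners[$id]) && $owners[$id] === $_SESSION['username'];
}

// Constructed sample data: one user and two records.
$users  = ['John' => password_hash('xyzghj', PASSWORD_DEFAULT)];
$owners = [4 => 'John', 5 => 'Mary'];

start_secure_session();
if (is_string($_POST['username'] ?? null) && is_string($_POST['password'] ?? null)) {
    log_in($_POST['username'], $_POST['password'], $users);
}
$query = read_query($_GET);
if ($query === null) { http_response_code(400); exit('Bad request'); }
if (!may_view($query['id'], $owners)) { http_response_code(403); exit('Forbidden'); }
echo 'Record ', $query['id'], ' (', $query['lang'], ') for ', htmlspecialchars($_SESSION['username']);
```

With this check in place, changing id=4 to id=5 in the URL while logged in as John returns 403, because the owner of record 5 is looked up on the server and compared with the session's username.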