0

I have two PHP pages: One displays the information about an object retrieved from MySQL database and the other allows the user to edit it. The user is transferred from the first page (the view page) to the edit page upon clicking a hyperlink.

I would like to set the information retrieved from the database in session before passing on to the edit page so as to avoid an extra database call. How can I set an object in session upon a hyperlink click event? I know I could append the object as a variable to the GET request but is there a cleaner way than that?

Improve this question
2
  • 1
    i would jsut make the extra db call, its probably going to be cached by the db server and it shouldn't be a problem even if it is not. probably greater overheads in witting and reading a session file than the db call Commented Jul 1, 2014 at 22:59
  • personally, i store objects in sessions all the time for common unsensitive data such as public user information. i guess it depends on your preferences and your save handler. if you use redis it will be faster than a mysql call, but it will also use more memory(and swapping if you are low on memory) Commented Jul 2, 2014 at 0:05

3 Answers 3

Reset to default
1

Put the object into the session ($_SESSION['object'] = $object) when the page one loads (or when you retrieve the object from the database). This way you avoid a second call to the database. If you want to place it into the session upon the click event, a second call would be necessary, since you would have to make an AJAX call to a PHP script that retrieves the object. However, this may only make sense if the user is expected to edit that information, otherwise it is just storing data into sessions for no reason, which may also expose security bugs. If your database call doesn't retrieve millions of records, or you don't have hundreds of millions of users editing data in the same time, I can assure you that the impact on the performance by making a second call will go unnoticed.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Makes sense - is there any pointer to a sample AJAX code I can look at? I am pretty clueless about AJAX - thanks in advance
code.tutsplus.com/tutorials/…
1

Adding an object to the session:

$_SESSION['the_object'] = $object;

(Disclaimer: Will not work if the object contains any non-serializable components like closures)

Now when to do it? Actually, you have to do it on the page that shows the data, because if you do it later when the user clicks the edit link, this already triggers a new request which then would again go to the database - you'd have two requests (one for the list, one for the edit).

Generally, the edit link has the ID of the database entry to be edited. But pay attention to carefully check whether the user is allowed to have access or not, because MySQL will simply increment the ID, so it's easy to guess which IDs are valid. Anyone with a tiny bit of clue can modify a HTML form to tamper with IDs.

The approach with the session is somewhat easier: You only allow to edit what has been stored in the session, so the access control has to be done on the list page only.

Improve this answer

7 Comments

That won't work without session_start() OP might not know that.
If he talks about sessions, I guess he has figured it out.
He/she didn't post any code. We shouldn't assume. I know what a steering wheel does. I wouldn't know how to install one.
Sven - thanks much. I still have one question - how do I put the object in session upon a hyperlink click? If I put the object in session on page load - I maybe wasting memory space incase the user never clicks the edit link. So I want to put the object in session only if the user click edit - so that the relevant object is in memory.
What is the benefit of putting the object into the session when you click "edit"? At this point you have to read from the DB, then showing the edit form. After saving the edit, the only thing you have to do is write back to the DB.
|
0

For those who may be looking for a code snippet to help do this - here it is

Page 1 - this page just loads data from a DB and displays it in a non-editable mode on the screen. On this page we need an Javascript function that can be activated when the hyperlink is clicked 

<script language="JavaScript" type="text/javascript">
    function processEditLink(){
        $.post('process_session_put.php', <?php echo "{S-Object:'".json_encode($obj_)."'});"; ?>
        window.location.href = 'edit_object.php';
    }
</script>

To explain the above code - we are taking an object (referred to as obj_) and encoding it into the JSON version by using the inbuilt function json_encode. Remember to ensure your object implements JsonSerializable in order to accomplish this. After that we are passing that JSON string as a POST URI parameter via AJAX to a secret page called process_session_put.php. This call is never visible to the end user and happens secretly when the hyperlink is clicked. The secret PHP page will decode the JSON string back into the PHP object and put it in session for all to use. Finally, once that function is complete, the window redirects to the actual edit page that can access data from session and populate the screen.

Next we should modify the hyperlink to trigger this Javascript function when it is clicked as below

<a class="edit-link" href="javascript:processEditLink(this);return false;">[Edit]</a>

Finally - the PHP page called process_session_put.php - which actually does the background work of decoding the JSON string passed to it back into the object format and putting it in session

<?php

    if (!isset($_SESSION))
    {
        session_start();
    }

    // OBTAIN THE JSON STRING FROM POST URL, DECODE IT AND PUT IT BACK AS A OBJECT IN SESSION
    $_SESSION["E-Object"] = json_decode($_POST["S-Object"]);
?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.