I have been programming in PHP for several years and have, up 'til now, used a database to store temporary data in a shopping cart or similar sites. Is this really the best approach or is it better to store the cart contents as a session array? Also, with this, is there extra sever load with one option against the other? Thanks for your time.
How do you clear the useless data from the database when the user closes the browser window ? The database approach seems to be useless work, unless you really need to store the data in the database, for some reason. I don't think there's any noticeable extra server load, but sessions are easier to use.
Sessions are meant for temporary storage and Databases are mainly used for permanent storage so it would make more sense for you to use sessions
Yes Crewdesign and bivel comment is right. Storing data in the database will be complicated for you suppose user after adding close the webbrowser you can't delete those data and in this way your database will be full of junk data. But in case of storing data in session or cookie this will be easier.
But I think this may slow down the performance of the page instead using session or cookie it will be much faster then doing any server side programming.
Depends on how big is your temporary data, if it just a few values then session is fine, but if a lot, should be place in database, just make some kind of admin maintenance to delete to data that was created and not used, also it would be a good measure too, to check how many people just closes their browser after shopping.
From what I have read, session data are stored in files in the server. Hence they are vulnerable to exploits. The access time for getting data from files is more than that needed for getting data from database. Hence if carefully programmed, database will be faster option. Also if you want to enable load balancing between servers, then database session management is the only solution. Similarly there are cons too, but I forgot them. I have seen many php experts argue for the database solution. But for less experienced programmers, session will be much easier and simple.
Thanks for your time guys. Up 'til now I have just been putting a date('U'); time-stamp on the database entry and then on admin login it clears all entries older than whatever. There is no personal data stored in the temporary data so session hacking is not a major concern, and it is all tied with an md5 session_id. I appreciate your input. Anyone else have thoughts on best / fastest solution. Thanks again.
Why don't you create a file which delete all entries older than a specified period of time and use cron to call the file at specified intervals? That way, the older entries will get cleared automatically.
Users can edit a session. But a database can also be editted when it is not safe. If your db is safe, I think you should choose for your db. Better: Use both. They can edit sessions, but when the session is not equal to the db, then you have to delete both. Chance to hack is minimized.
A session is just a means of preserving data between page requests. PHP has built-in functionality that uses files to store session database. You can create your own custom sessions to store temporary data in a database, but it's still a session. I assume the built in session functions/array would be faster than writing your own session handlers, but with less functionality - if you ever want to count the number of online users, track which pages are currently being viewed, etc. the initial extra overhead would become insignificant. Try and do that with the default file storage method and it'll be a lot more complicated than the single COUNT query you'd need if sessions were in a database. But if you never need to do any of that, there's no need to re-invent the wheel so stick with the built-in sessions.