I have a simple login using PDO with MSSQL Server:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['user'];
    $password = $_POST['pass'];
    $hashedPass = passConvert($password);
    // Check if the user exists in the database
    $stmt = $con->prepare(" SELECT [UID]
    ,[ID]
    ,[PWD]
    FROM [kal_auth].[dbo].[Login] WHERE [ID] = '$username' AND [PWD] =$hashedPass
    ");
    $stmt->execute();
    $row = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $count = $stmt->rowCount();
    // If count > 0, the database contains an account for this username
    if ($count > 0) {
        foreach ($row as $rows) {
            $_SESSION['ID'] = $rows['UID'];
            $_SESSION['Username'] = $rows['ID'];
        }
        header("location:test.php");
    }
}
My question is: is setting $_SESSION inside the foreach loop safe or unsafe?
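
An added example, not part of the original question or the poster's code: a hardened form of the login above. It binds the inputs as parameters instead of interpolating them into the SQL, and it writes to `$_SESSION` only when exactly one row matches, so no loop is needed and no extra row can overwrite the session values. `findLogin()` is a hypothetical name; `$con` and `passConvert()` are the page's own, and the code assumes `passConvert()` returns the stored `[PWD]` value in a form that can be bound as a parameter.

```php
<?php
// Added example, not the poster's code. Assumes $con is the page's PDO
// connection and passConvert() is the page's own helper, returning the value
// stored in [PWD] in a form that can be bound as a query parameter.
declare(strict_types=1);

function findLogin(PDO $con, string $username, string $hashedPass): ?array
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $con->prepare(
        'SELECT [UID], [ID]
           FROM [kal_auth].[dbo].[Login]
          WHERE [ID] = :id AND [PWD] = :pwd'
    );
    $stmt->execute([':id' => $username, ':pwd' => $hashedPass]);

    // Count the fetched rows rather than calling rowCount(), whose result
    // for SELECT statements is not guaranteed across PDO drivers.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // A login must match exactly one account; anything else is a failure.
    return count($rows) === 1 ? $rows[0] : null;
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['user'] ?? '';
    $password = $_POST['pass'] ?? '';

    $account = (is_string($username) && is_string($password))
        ? findLogin($con, $username, passConvert($password))
        : null;

    if ($account !== null) {
        // Issue a fresh session ID at login to prevent session fixation.
        session_regenerate_id(true);
        $_SESSION['ID'] = $account['UID'];
        $_SESSION['Username'] = $account['ID'];
        header('Location: test.php');
        exit; // stop here so nothing else runs after the redirect
    }
    http_response_code(401);
}
```

If `passConvert()` instead returns a SQL literal (for example a `0x`-prefixed hex string meant to be pasted into the query), convert it to the raw value before binding.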