[support] Passing Variable between Forms
Earnie Boyd
earnie at users.sourceforge.net
Thu Oct 23 12:22:40 UTC 2008
Quoting "Metzler, David" <metzlerd at evergreen.edu>:
> Yes and while we're at it, serialization is unneccesary unless you're
> talking about objects. I store nested arrays of data in session
> variables all the time ind drupal code.
>
Yes but I always do so that I don't have to worry about the type of
data stored.
> -----Original Message-----
> From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On
> Behalf Of Jonathan Hedstrom
> Sent: Wednesday, October 22, 2008 1:55 PM
> To: support at drupal.org
> Subject: Re: [support] Passing Variable between Forms
>
>
>
> Earnie Boyd wrote:
>> This suggestion is a misuse of the variable_set/get methods as a
>> resolution to the OP's question. Store the serialized data in a
>> $_SESSION['mymod'] data and then set the default values of your new
>> form using the unserialized data from $_SESSION['mymod']. However, if
>
>> you have sensitive data you'll need to encrypt and decrypt it as well
>
>> as serialize the data.
>>
> What would encrypting the sensitive data in the $_SESSION variable
> accomplish, since the final resting place (the Drupal node/user/variable
> tables etc), aren't encrypted?
>
Why wouldn't you encrypt sensitive data stored in the DB? If the data
shouldn't be for all eyes it better be encrypted when stored. Yes, I
know the arguments about the ease of decryption but at least you can
prove you obscured the data in a court of law. You also made an
assumption that may not be true, the OP may store his data in his own
tables and perhaps in a different DB.
Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/
More information about the support
mailing list