应该在哪里存储数据？ 会话变量或隐藏字段？

I am building an web app that basically does booking stuffs in PHASE 1. I have planned to complete booking in 4/5 steps. First, checking device is ready or not, second seeing allocation of device, third getting customer information, fourth payment information.

I just want to know about how the data is to be stored till the last page where we store all data in the database. Till then, how to move data from one page to another.

Which technique is best? If there are any other techniques to store informations from page to page, Please I need to know for my project. I also need to protect those information from being hacked.

I am using PHP and framework is Codeigniter

Primarily opinion based, but each has pros and cons.

Storing in $_SESSION:

• Pro: allows you to store private data that you don't necessarily want to fire back to the user, ie: either application-internal data, or the user's private data that should not be returned into the page, such as credit card details, passwords, and other personal information.
• Con: The session will expire after its configured timeout, and the user will lose their work.

Storing in hidden fields:

• Basically reverse the pros and cons for $_SESSION.
• IMHO, using hidden fields like this is a huge kludge.

The ideal way is to use a custom session handler to store the session data in a way that it is not lost when the session expires.

If you are building a multipart form, I would store the information from each part in a MySQL database which would give the end user the ability to save and come back later since sessions will expire.

Use Sessions. Hidden fields can be modified and exposed to the user via Google Dev Tools or Firebug or any other tools. So it's best to use Sessions.