在PHP中，使用会话从mysql数据库安全获取用户信息？ [重复]

In php, is using sessions to fetch user info from mysql database safe? or can the sessions be manipulated by users.

Lets look at the following query as an example.

$query = $this->db->query("SELECT `private_info` FROM users 
                           WHERE user_id='$_SESSION['user_id']'");

If I logged into a website, and my user id was stored in a SESSION, (eg .$_SESSION['user_id'] = 22), can this $_SESSION['user_id'] be manipulated by the user? (eg changing $_SESSION['user_id'] to 100, which is another user's ID).

The php query above is dependent on session[user_id] when fetching user info. Can users manipulate sessions? If they can, what are some alternative that can be used, rather than fetching user info using user_ids stored in sessions?

Also, Im using codeigniter for reference.

Thanks

</div>