I have a form and when I submit it, I do an AJAX call to my server.
On the server side, I verify the information by comparing it with some variables in the superglobal $_SESSION, like below:
$HeCanBuyIt = $ajaxData->priceProduct <= $_SESSION["user"]->moneyOfUser;
I am not sure if it is safe or not to do that (Can the user change the moneyOfUser variable in his session?).
I can also read the user from the database but it costs the time of a SELECT...
I know it's not so slow but I prefer the fastest way.
All values in the $_SESSION variable are stored only on the server. The client is only given a session ID, which is stored in a cookie in their browser. There is no way for a user to view or manipulate the values in their $_SESSION unless you have explicitly coded that into your program.
See also: How do PHP sessions work? (not "how are they used?")
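
An added example, not part of the original question or answer: the session side of the comparison is server-held state, while anything in the AJAX payload arrives from the browser, so this sketch takes only a product id from the request and looks the price up on the server. The `productId` field, the `CATALOGUE` constant and the `canBuy()` function are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical server-side price list; in a real application this comes from
// your own storage, never from the request.
const CATALOGUE = ['sword' => 150, 'shield' => 80];

/**
 * Decide whether the logged-in user can afford the requested product.
 * $session is $_SESSION (server-side state); $rawBody is the AJAX payload
 * (client-controlled). Only the product id is taken from the payload.
 */
function canBuy(array $session, string $rawBody): bool
{
    $user = $session['user'] ?? null;
    if (!is_object($user) || !isset($user->moneyOfUser)) {
        return false; // no authenticated user in this session
    }

    $ajaxData = json_decode($rawBody);
    if (!is_object($ajaxData) || !is_string($ajaxData->productId ?? null)) {
        return false; // malformed request
    }

    // Price is looked up on the server; any priceProduct field is ignored.
    $price = CATALOGUE[$ajaxData->productId] ?? null;
    if ($price === null) {
        return false; // unknown product
    }

    return $price <= $user->moneyOfUser;
}

// Constructed sample data standing in for $_SESSION after session_start().
$session = ['user' => (object) ['moneyOfUser' => 100]];

var_dump(canBuy($session, '{"productId":"shield"}'));
var_dump(canBuy($session, '{"productId":"sword","priceProduct":0}'));
var_dump(canBuy([], '{"productId":"shield"}'));
```

In a real handler, call `session_start()` first and pass `$_SESSION` and the raw request body to the function.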