473,441 Members | 2,512 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > "register_globals off" and "session side-effect"

Join Bytes to post your question to a community of 473,441 software developers and data experts.

"register_globals off" and "session side-effect"

Hi,

I set the register_globals off and try to get my code working under
the new conditions. I stuck on the following problem:

Warning: Unknown(): Your script possibly relies on a session side-
effect which existed until PHP 4.2.3. Please be advised that the
session extension does not consider global variables as a source of
data, unless register_globals is enabled. You can disable this
functionality and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0

I have no idea what they understand under the "session side-effect" as
well as "session extension" and how this "extension" can "consider"
something.

I tried to find something in the newsgroups and I found that:
http://groups.google.com/group/comp....b0666dea7d75fd

But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?
Jan 16 '08 #1
10 25182
Kurda Yon wrote:
Hi,

I set the register_globals off and try to get my code working under
the new conditions. I stuck on the following problem:

Warning: Unknown(): Your script possibly relies on a session side-
effect which existed until PHP 4.2.3. Please be advised that the
session extension does not consider global variables as a source of
data, unless register_globals is enabled. You can disable this
functionality and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0

I have no idea what they understand under the "session side-effect" as
well as "session extension" and how this "extension" can "consider"
something.

I tried to find something in the newsgroups and I found that:
http://groups.google.com/group/comp....b0666dea7d75fd

But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?
Your going to need to paste us some of the code. Kind of hard to tell
what its not liking without seeing it.

--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years
da****@fanetworks.net
Jan 16 '08 #2
Kurda Yon wrote:
But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?
Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:

...
if( isset($admin) ) {
..
}
...

Now: http://mysite.net/myscript.php?admin=1
Here we go.

Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];

-thib´
Jan 16 '08 #3
Kurda Yon wrote:
Hi,

I set the register_globals off and try to get my code working under
the new conditions. I stuck on the following problem:

Warning: Unknown(): Your script possibly relies on a session side-
effect which existed until PHP 4.2.3. Please be advised that the
session extension does not consider global variables as a source of
data, unless register_globals is enabled. You can disable this
functionality and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0

I have no idea what they understand under the "session side-effect" as
well as "session extension" and how this "extension" can "consider"
something.

I tried to find something in the newsgroups and I found that:
http://groups.google.com/group/comp....b0666dea7d75fd

But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?
Are you using session_register() or similar functions in your code?

As Daniel said - code would help.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #4
On Jan 15, 8:30 pm, thib´ <th...@coralsnake-team.comwrote:
Kurda Yon wrote:
But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?

Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:

..
if( isset($admin) ) {
..}

..

Now:http://mysite.net/myscript.php?admin=1
Here we go.
Is $admin a global variable? I thought that it can be global only
after "global $admin;"-line in the code. Am I wrong? Any variable
which is given to the php-script via the address line will
automatically become global (if register_global is "on")?

Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];
I think I have some problems with the terminology. The above example I
would describe as follow. We have assign to a "normal" variable
($registered_global), a value taken from a session variable
($_SESSION). But you replace "normal" by "global" and "assignment" by
the "registration". Do you consider any "assignment" as the
"registration" or only those "assignment" is a "registration" in which
the value was taken from the $_SESSION?
Jan 16 '08 #5
>
Are you using session_register() or similar functions in your code?
Yes I use the "session_register()". I do not know which part of the
code should I send. It is huge and I have no idea where the problem
starts.
Jan 16 '08 #6
thib´ wrote:
Kurda Yon wrote:
>But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?

Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:

..
if( isset($admin) ) {
..
}
..

Now: http://mysite.net/myscript.php?admin=1
Here we go.

Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];

-thib´
Yes, that's already been discussed. We've moved on. Please don't
confuse him more!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #7
>
..
if( isset($admin) ) {
..}

..

Now:http://mysite.net/myscript.php?admin=1
Here we go.
But even if the register_global is off the following can happen:
if( isset($_GET['admin']) ) {
...}
Now:http://mysite.net/myscript.php?admin=1

Or the ideas is that developer (programmer) will remember that $_GET
is something what is coming from the outside and will never relate the
access with the elements of $_GET?
Jan 16 '08 #8
Kurda Yon wrote:
On Jan 15, 8:30 pm, thib´ <th...@coralsnake-team.comwrote:
>Kurda Yon wrote:
>>But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?
Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:

..
if( isset($admin) ) {
..}

..

Now:http://mysite.net/myscript.php?admin=1
Here we go.
Is $admin a global variable? I thought that it can be global only
after "global $admin;"-line in the code. Am I wrong? Any variable
which is given to the php-script via the address line will
automatically become global (if register_global is "on")?

>Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];
I think I have some problems with the terminology. The above example I
would describe as follow. We have assign to a "normal" variable
($registered_global), a value taken from a session variable
($_SESSION). But you replace "normal" by "global" and "assignment" by
the "registration". Do you consider any "assignment" as the
"registration" or only those "assignment" is a "registration" in which
the value was taken from the $_SESSION?
No - register_globals has nothing to do with variables you specify as
global yourself.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #9
Kurda Yon wrote:
>Are you using session_register() or similar functions in your code?
Yes I use the "session_register()". I do not know which part of the
code should I send. It is huge and I have no idea where the problem
starts.
Start by getting rid of deprecated functions such as session_register.
Just use the $_SESSION array.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #10
Kurda Yon wrote:
>..
if( isset($admin) ) {
..}

..

Now:http://mysite.net/myscript.php?admin=1
Here we go.

But even if the register_global is off the following can happen:
if( isset($_GET['admin']) ) {
..}
Now:http://mysite.net/myscript.php?admin=1

Or the ideas is that developer (programmer) will remember that $_GET
is something what is coming from the outside and will never relate the
access with the elements of $_GET?
That is true. But $_GET['admin'] is set - not $admin. And the only way
the $_GET array gets populated is by the query string in the uri (unless
you set it yourself - which is a bad idea).

And you know that $_GET['admin'] is coming from the query string. With
register_globals on, $admin could have been set by the session, a
cookie, or get or post parameters. And you have no idea where it came from.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #11
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
Follow-up: "Mouse-Over" Drop-Down Menus
by: Larry R Harrison Jr | last post by:
I have them working now, courtesy of the link given in the prior thread--the HVMenu over at Dynamic Drive myself. http://www.dynamicdrive.com I have them working as side-bar menus, not...
Javascript
3
A "few" old session files never deleted?
by: Jerry Sievers | last post by:
Hello. I have session files stored in a special tmp directory specific to a virtual host instance. The Max_lifetime is long 86400 (1 day) which I don't suppose is the problem. Anyway the...
PHP
7
Bug in Access 2003 ? Error after 380 CreateObject("MAPI.Session")
by: Ottar | last post by:
I've made a program sorting incomming mail in public folder. The function runs every minute by using the form.timer event. In Access XP it runs for weeks, no problem. Access 2003 runs the same...
Microsoft Access / VBA
6
Universal "Session" Functionality?
by: Steve - DND | last post by:
I'm currently creating an application with an n-tier design(not separate boxes for each layer, just separation of pres/logic/data) that will have both a web and windows interface. I'm trying to...
C# / C Sharp
14
equivalent C# for VB.NET "Session"
by: dale zhang | last post by:
Hi groups, Can anyone give me the equivalent C# sharp code for this VB.ET code, :: VB.NET :: Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _ Handles...
C# / C Sharp
5
need guidance on users "session data" management.
by: jensen bredal | last post by:
I need to keep track on user "session data" while still turning session off as i do not want users login to expire? Thanks JB
ASP.NET
23
Aren't session variable preserved using "Header('Location: xxx')"?
by: lwoods | last post by:
I am trying to pass some info to another page on my site. I set "session_start()" in page 1, assign a session variable to a value, then execute a "header('Location: ....')." But on the target...
PHP
5
How to "Log Off" a user
by: GaryDean | last post by:
Using 1.1.... I have an application using Forms Authentication that, like all other such applicaitons, uses FormsAuthentication.RedirectFromLoginPage to authenticate a user. at a point in time...
ASP.NET
26
"Array to String Conversion" error when constructing a multi-dimensional array
by: drako | last post by:
Hi, I'm a bit stumped as I am getting a "Notice: Array to String Conversion" error when trying to do something that on the surface should be a very simple task - create an array, and write a set...
PHP
2
Tip about register globals set to "on"
by: sheldonlg | last post by:
I did some coding on a site where register_globals is set to on. The problem I encountered was that the session variable changed without my changing it explicitly. I knew that in register globals...
PHP
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!