I did some coding on a site where register_globals is set to on. The
problem I encountered was that the session variable changed without my
changing it explicitly. I knew that in register globals being on, that
all the variables were global variables. What I didn't realize was that
it set up an equivalence such that the variable is an alias for the
session variable with the key name of that variable. That is,
$_SESSION['key'] is the same as $key.

I got around the problem by changing the key of the the session variable
to something unique.

Here is a little test script:
<?php
session_start();
$_SESSION['company'] = 'This';
print '1: ' . $_SESSION['company'] . '<br>';
$company = 0;
print '2: ' . $_SESSION['company'] . '<br>';
$_SESSION['company'] = 'This';
print '3: ' . $_SESSION['company'] . '<br>';
$company = 'That';
print '4: ' . $_SESSION['company'];
$foo = 'Foo';
print '5: ' . $_SESSION['foo'] . '<br>';
?>

Here is the output:
1: This
2: 0
3: This
4: That
5: Foo

What's the question?

I would recommend against using register_globals anyway. The directive
is deprecated and due for removal as of PHP 6 as it has security
vulnerabilities.

macca wrote:

Quote:

What's the question?

Read the subject title! I am passing on a little personal experience,
and not asking a question.

Quote:

>
I would recommend against using register_globals anyway. The directive

I agree totally, however it is not always under our control to make that
decision. Many places will not change because it would break too many
existing applications.

Quote:

is deprecated and due for removal as of PHP 6 as it has security
vulnerabilities.

.....and that might hinder acceptance of PHP 6 if it will force turning
it off. That is for the reason I gave above.

Quote:

>