I am writing a photo upload site. A PHP page displays the uploaded
photos and the customer can choose several things. The data of the photos
are kept in an array called bilder. I keep the data in a session. When
the customer sends the data the following code will be run:
if (isset($sendorder_x))
{
    session_start();
    $nachricht = $bemerkungen;
    session_register('nachricht');
    // echo "1.: ";
    // print_r($bilder); // The array still exists in the session file
    // echo "<br>\n2.: ";
    for ($i = 1; $i <= $bildanzahl; $i++)
    {
        $formatname = "formate" . substr("00" . $i, -2);
        $copyname = "copy" . substr("00" . $i, -2);
        $bilder[$i]->format = $$formatname;
        $bilder[$i]->anzahl = $$copyname;
    }
    // print_r($bilder); // bilder[] exists with the changed data in the session file
    // echo "<br>\n3.: ";
    $briefporto = $porto;
    session_register('briefporto');
    // session_register('bilder');
    // print_r($bilder);
    // exit(); // bilder[] exists with the changed data in the session file
    // echo "<br>\n";
    header("Location: datenupdate.php");
}
The page datenupdate.php starts with the following code:
<?php
session_start();
// print_r($bilder);
// exit(); // all data is in the session file, but the array bilder[] is empty now!
include("database.php");
$dbid = connect();
.....
You can read in the comments what happens. The lines which start
with comments are for debugging.
Has anyone an idea what the reason for this behavior is? BTW, I use
PHP 5.1.4, Apache Server 2 on WinXP prof. SP2
And: This is no Easter Egg :-).
Have a nice spring, Hartmut
Baeribeeri wrote:
> I am writing a photo upload site. A PHP page displays the uploaded
> photos and the customer can choose several things. The data of the photos
> are kept in an array called bilder. I keep the data in a session. When
> the customer sends the data the following code will be run:
> <?php
> session_start();
> // print_r($bilder);
> // exit(); // all data is in the session file, but the array bilder[] is empty now!
> include("database.php");
> $dbid = connect();
> ....
http://php.net/manual/en/function.session-register.php
"If your script uses session_register(), it will not work in
environments where the PHP directive register_globals is disabled."
1) check your php.ini for register_globals directive and turn it on (not
recommended)
2) use $_SESSION variable - best way to avoid such problems
--
Wiktor Walc http://phpfreelancer.net
On 9 Apr., 21:59, iktorn <s...@phpfreelancer.net> wrote:
> http://php.net/manual/en/function.session-register.php
> "If your script uses session_register(), it will not work in
> environments where the PHP directive register_globals is disabled."
> 1) check your php.ini for register_globals directive and turn it on (not
> recommended)
> 2) use $_SESSION variable - best way to avoid such problems
> --
> Wiktor Walc http://phpfreelancer.net
register_globals is enabled. Not only on my development machine. My
Webhoster has register_globals enabled, too.
The funny thing is that other variables, which contain strings and
integers, don't forget their values in the session file on the
webserver. Only the array bilder[] forgets the contents.
I rewrote the code using $_SESSION variables. The problem stays.
Hartmut Jäger (http://www.jaeger-edv-service.de)
Baeribeeri wrote:
> On 9 Apr., 21:59, iktorn <s...@phpfreelancer.net> wrote:
>> http://php.net/manual/en/function.session-register.php
>> "If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled."
>> 1) check your php.ini for register_globals directive and turn it on (not recommended)
>> 2) use $_SESSION variable - best way to avoid such problems
>> --
>> Wiktor Walc http://phpfreelancer.net
> register_globals is enabled. Not only on my development machine. My
> Webhoster has register_globals enabled, too.
> The funny thing is that other variables, which contain strings and
> integers, don't forget their values in the session file on the
> webserver. Only the array bilder[] forgets the contents.
> I rewrote the code using $_SESSION variables. The problem stays.
> Hartmut Jäger (http://www.jaeger-edv-service.de)
First of all, don't use session_register(). It's not needed. Just use
the $_SESSION array.
Then ensure you aren't accidentally changing $_SESSION['bilder'] or
$bilder. It's easy to do with $register_globals on. IOW, is the code
you showed all the code, or just an excerpt?
And if this is a shared host, I would change hosting companies. The
security warnings have been out there for years - and I wouldn't trust
anyone who hasn't learned by now the potential problems it causes.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
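The advice above, as an added example that is not part of any post in this thread: the order handler reads the formateNN/copyNN fields from an explicit request array, validates them, and stores the result under one $_SESSION key instead of relying on register_globals and variable variables. The allowed formats, the copy limit, the datei key and the use of arrays in place of objects are assumptions.

```php
<?php
// Added example, not code from the thread. ALLOWED_FORMATS and MAX_COPIES
// are assumed values; formateNN/copyNN are the thread's field names.
const ALLOWED_FORMATS = ['9x13', '10x15', '13x18'];
const MAX_COPIES = 99;

/**
 * Apply the submitted per-photo choices to the stored photo list.
 * Input comes only from the $post array passed in, never from globals,
 * so a request field cannot shadow or replace session data.
 */
function applyOrderChoices(array $bilder, array $post): array
{
    foreach (array_keys($bilder) as $i) {
        $suffix = sprintf('%02d', $i);               // 1 -> "01"
        $format = $post["formate$suffix"] ?? null;
        $copies = filter_var(
            $post["copy$suffix"] ?? null,
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => MAX_COPIES]]
        );
        if (!in_array($format, ALLOWED_FORMATS, true) || $copies === false) {
            throw new InvalidArgumentException("Invalid choice for photo $i");
        }
        // Arrays instead of objects: nothing depends on a class being
        // defined before session_start() on the next page.
        $bilder[$i]['format'] = $format;
        $bilder[$i]['anzahl'] = $copies;
    }
    return $bilder;
}

// Constructed sample data standing in for $_SESSION and $_POST.
$session = ['bilder' => [1 => ['datei' => 'a.jpg'], 2 => ['datei' => 'b.jpg']]];
$post = [
    'formate01' => '10x15', 'copy01' => '2',
    'formate02' => '13x18', 'copy02' => '1',
    'bilder'    => 'junk',   // same name as the session key; never read
];

$session['bilder'] = applyOrderChoices($session['bilder'], $post);
print_r($session['bilder']);

// In the request handler the same call would be
//   $_SESSION['bilder'] = applyOrderChoices($_SESSION['bilder'], $_POST);
// followed by session_write_close(), the Location header, and exit.
```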
On 11 Apr., 14:49, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> First of all, don't use session_register(). It's not needed. Just use
> the $_SESSION array.
> Then ensure you aren't accidentally changing $_SESSION['bilder'] or
> $bilder. It's easy to do with $register_globals on. IOW, is the code
> you showed all the code, or just an excerpt?
> And if this is a shared host, I would change hosting companies. The
> security warnings have been out there for years - and I wouldn't trust
> anyone who hasn't learned by now the potential problems it causes.
Yes, it is an excerpt. The complete code of the php file is more than
500 lines long. And, yes, I changed some values of the array bilder[].
I have to do this, because in the first step, the customer uploads the
photos and in the second step the customer chooses the format and the
number of copies, the material and so on.
But I found a workaround that looks much better for me. I only use
the session to transport a session id. All contents of the variables
are stored in a MySQL database table, which will be deleted after the
complete order. Stuck orders will be deleted automatically after two
days with a cron job script.
BTW, my webhoster is the number two in size in Germany.
But thanks for your help. Enjoy the spring weather (in Germany it is
really wonderful at the moment.)
Hartmut Jäger (www.jaeger-edv-service.de)
Baeribeeri wrote:
> On 11 Apr., 14:49, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> First of all, don't use session_register(). It's not needed. Just use the $_SESSION array.
>> Then ensure you aren't accidentally changing $_SESSION['bilder'] or $bilder. It's easy to do with $register_globals on. IOW, is the code you showed all the code, or just an excerpt?
>> And if this is a shared host, I would change hosting companies. The security warnings have been out there for years - and I wouldn't trust anyone who hasn't learned by now the potential problems it causes.
> Yes, it is an excerpt. The complete code of the php file is more than
> 500 lines long. And, yes, I changed some values of the array bilder[].
> I have to do this, because in the first step, the customer uploads the
> photos and in the second step the customer chooses the format and the
> number of copies, the material and so on.
> But I found a workaround that looks much better for me. I only use
> the session to transport a session id. All contents of the variables
> are stored in a MySQL database table, which will be deleted after the
> complete order. Stuck orders will be deleted automatically after two
> days with a cron job script.
That's one way to do it.
> BTW, my webhoster is the number two in size in Germany.
That doesn't mean they know anything about security. I've seen some
pretty big hosting companies who got that way only because they were
cheap. And these usually have the cheapest tech support people (i.e.
the least knowledgeable - or the least caring).
No way would I ever stay with someone who has register_globals on, no
matter how big/rich/whatever they are. It shows a definite lack of
technical competence and/or a lack of caring about security.
> But thanks for your help. Enjoy the spring weather (in Germany it is
> really wonderful at the moment.)
> Hartmut Jäger (www.jaeger-edv-service.de)
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================