
Funny session behavior

I am writing a photo upload site. A PHP page displays the uploaded
photos and the customer can choose several things. The data of the photos
are kept in an array called bilder. I keep the data in a session. When
the customer sends the data, the following code will be run:

if (isset($sendorder_x))
{
    session_start();
    $nachricht = $bemerkungen;
    session_register(nachricht);
    // echo "1.: ";
    // print_r($bilder); // The array still exists in the session file
    // echo "<br>\n2.: ";
    for ($i = 1; $i <= $bildanzahl; $i++)
    {
        $formatname = "formate" . substr("00" . $i, -2);
        $copyname = "copy" . substr("00" . $i, -2);
        $bilder[$i]->format = $$formatname;
        $bilder[$i]->anzahl = $$copyname;
    }
    // print_r($bilder); // bilder[] exists with the changed data in the session file
    // echo "<br>\n3.: ";
    $briefporto = $porto;
    session_register(briefporto);
    // session_register(bilder);
    // print_r($bilder);
    // exit(); // bilder[] exists with the changed data in the session file
    // echo "<br>\n";
    header("Location: datenupdate.php");
}

The page datenupdate.php starts with the following code:

<?php
session_start();
// print_r($bilder);
// exit(); // all data is in the session file, but the array bilder[] is empty now!
include ("database.php");
$dbid = connect();
.....

You can read in the comments what happens. The lines which start
with comments are for debugging.

Has anyone an idea what the reason for this behavior is? BTW, I use
PHP 5.1.4, Apache Server 2 on WinXP prof. SP2

And: This is no Easter Egg :-).

Have a nice spring, Hartmut

Apr 9 '07 #1
5 Replies


Baeribeeri wrote:
> I am writing a photo upload site. A PHP page displays the uploaded
> photos and the customer can choose several things. The data of the photos
> are kept in an array called bilder. I keep the data in a session. When
> the customer sends the data, the following code will be run:
>
> <?php
> session_start();
> // print_r($bilder);
> // exit(); // all data is in the session file, but the array bilder[] is empty now!
> include ("database.php");
> $dbid = connect();
> ....

http://php.net/manual/en/function.session-register.php

"If your script uses session_register(), it will not work in
environments where the PHP directive register_globals is disabled."

1) check your php.ini for register_globals directive and turn it on (not
recommended)
2) use $_SESSION variable - best way to avoid such problems

--
Wiktor Walc
http://phpfreelancer.net
Apr 9 '07 #2

On 9 Apr., 21:59, iktorn <s...@phpfreelancer.net> wrote:
> http://php.net/manual/en/function.session-register.php
>
> "If your script uses session_register(), it will not work in
> environments where the PHP directive register_globals is disabled."
>
> 1) check your php.ini for register_globals directive and turn it on (not
> recommended)
> 2) use $_SESSION variable - best way to avoid such problems
>
> --
> Wiktor Walc
> http://phpfreelancer.net

register_globals is enabled. Not only on my development machine. My
webhoster has register_globals enabled, too.
The funny thing is that other variables, which contain strings and
integers, don't forget their values in the session file on the
webserver. Only the array bilder[] forgets the contents.

I rewrote the code using $_SESSION variables. The problem stays.

Hartmut Jäger (http:www.jaeger-edv-service.de)
Apr 11 '07 #3

Baeribeeri wrote:
> On 9 Apr., 21:59, iktorn <s...@phpfreelancer.net> wrote:
>> http://php.net/manual/en/function.session-register.php
>>
>> "If your script uses session_register(), it will not work in
>> environments where the PHP directive register_globals is disabled."
>>
>> 1) check your php.ini for register_globals directive and turn it on (not
>> recommended)
>> 2) use $_SESSION variable - best way to avoid such problems
>>
>> --
>> Wiktor Walc
>> http://phpfreelancer.net
>
> register_globals is enabled. Not only on my development machine. My
> webhoster has register_globals enabled, too.
> The funny thing is that other variables, which contain strings and
> integers, don't forget their values in the session file on the
> webserver. Only the array bilder[] forgets the contents.
>
> I rewrote the code using $_SESSION variables. The problem stays.
>
> Hartmut Jäger (http:www.jaeger-edv-service.de)

First of all, don't use session_register(). It's not needed. Just use
the $_SESSION array.

Then ensure you aren't accidentally changing $_SESSION['bilder'] or
$bilder. It's easy to do with $register_globals on. IOW, is the code
you showed all the code, or just an excerpt?

And if this is a shared host, I would change hosting companies. The
security warnings have been out there for years - and I wouldn't trust
anyone who hasn't learned by now the potential problems it causes.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 11 '07 #4
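
The advice in this reply, as an added example that is not part of the thread: the order handler reads each form field explicitly from the request array and writes only to the session's 'bilder' entry, so request data and session data no longer share the global namespace that register_globals creates. The field names formateNN / copyNN and the keys come from the original post; the format whitelist, the copy limit, plain arrays instead of objects, and PHP 7+ syntax are assumptions.

```php
<?php
// Added example, not the poster's code. Whitelist and limit are assumed values.
const ALLOWED_FORMATS = ['9x13', '10x15', '13x18'];
const MAX_COPIES = 99;

/**
 * Copy the order form into the session's photo list. Every field is read
 * from the explicit $post array, never from a register_globals variable.
 * Returns the names of rejected fields; rejected photos stay unchanged.
 */
function apply_order(array $post, array &$session): array
{
    if (!isset($session['bilder']) || !is_array($session['bilder'])) {
        return ['bilder'];                    // nothing uploaded in this session
    }
    $errors = [];
    foreach (array_keys($session['bilder']) as $i) {
        $suffix = sprintf('%02d', $i);        // 1 -> "01", as in the thread
        $format = $post["formate$suffix"] ?? null;
        $copies = filter_var($post["copy$suffix"] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => MAX_COPIES]]);
        if (!is_string($format) || !in_array($format, ALLOWED_FORMATS, true)) {
            $errors[] = "formate$suffix";
            continue;
        }
        if ($copies === false) {
            $errors[] = "copy$suffix";
            continue;
        }
        $session['bilder'][$i]['format'] = $format;
        $session['bilder'][$i]['anzahl'] = $copies;
    }
    return $errors;
}

// Constructed sample data standing in for $_SESSION and $_POST.
$session = ['bilder' => [1 => ['file' => 'a.jpg'], 2 => ['file' => 'b.jpg']]];
$post = [
    'formate01' => '10x15', 'copy01' => '2',
    'formate02' => '10x15', 'copy02' => '0',   // invalid: below min_range
    'bilder'    => 'x',     // a request field named like the session key is ignored
];
$errors = apply_order($post, $session);
print_r($errors);
print_r($session['bilder']);
```

In the real page the call would be `apply_order($_POST, $_SESSION)` after `session_start()`, followed by `session_write_close()`, the `header("Location: datenupdate.php")` redirect and `exit`.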

On 11 Apr., 14:49, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> First of all, don't use session_register(). It's not needed. Just use
> the $_SESSION array.
>
> Then ensure you aren't accidentally changing $_SESSION['bilder'] or
> $bilder. It's easy to do with $register_globals on. IOW, is the code
> you showed all the code, or just an excerpt?
>
> And if this is a shared host, I would change hosting companies. The
> security warnings have been out there for years - and I wouldn't trust
> anyone who hasn't learned by now the potential problems it causes.

Yes, it is an excerpt. The complete code of the php file is more than
500 lines long. And, yes, I changed some values of the array bilder[].
I have to do this, because in the first step, the customer uploads the
photos and in the second step the customer chooses the format and the
number of copies, the material and so on.

But I found a workaround that looks much better for me. I only use
the session to transport a session id. All contents of the variables
are stored in a MySQL database table, which will be deleted after the
complete order. Stuck orders will be deleted automatically after two
days with a cron job script.

BTW, my webhoster is the number two in size in Germany.

But thanks for your help. Enjoy the spring weather (in Germany it is
really wonderful at the moment.)

Hartmut Jäger (www.jaeger-edv-service.de)

Apr 13 '07 #5

Baeribeeri wrote:
> On 11 Apr., 14:49, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> First of all, don't use session_register(). It's not needed. Just use
>> the $_SESSION array.
>>
>> Then ensure you aren't accidentally changing $_SESSION['bilder'] or
>> $bilder. It's easy to do with $register_globals on. IOW, is the code
>> you showed all the code, or just an excerpt?
>>
>> And if this is a shared host, I would change hosting companies. The
>> security warnings have been out there for years - and I wouldn't trust
>> anyone who hasn't learned by now the potential problems it causes.
>
> Yes, it is an excerpt. The complete code of the php file is more than
> 500 lines long. And, yes, I changed some values of the array bilder[].
> I have to do this, because in the first step, the customer uploads the
> photos and in the second step the customer chooses the format and the
> number of copies, the material and so on.
>
> But I found a workaround that looks much better for me. I only use
> the session to transport a session id. All contents of the variables
> are stored in a MySQL database table, which will be deleted after the
> complete order. Stuck orders will be deleted automatically after two
> days with a cron job script.

That's one way to do it.

> BTW, my webhoster is the number two in size in Germany.

That doesn't mean they know anything about security. I've seen some
pretty big hosting companies who got that way only because they were
cheap. And these usually have the cheapest tech support people (i.e.
the least knowledgeable - or the least caring).

No way would I ever stay with someone who has register_globals on, no
matter how big/rich/whatever they are. It shows a definite lack of
technical competence and/or a lack of caring about security.

> But thanks for your help. Enjoy the spring weather (in Germany it is
> really wonderful at the moment.)
>
> Hartmut Jäger (www.jaeger-edv-service.de)

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 13 '07 #6
