"register_globals off" and "session side-effect"

Kurda Yon wrote:

Hi,

I set the register_globals off and try to get my code working under
the new conditions. I stuck on the following problem:

Warning: Unknown(): Your script possibly relies on a session side-
effect which existed until PHP 4.2.3. Please be advised that the
session extension does not consider global variables as a source of
data, unless register_globals is enabled. You can disable this
functionality and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0

I have no idea what they understand under the "session side-effect" as
well as "session extension" and how this "extension" can "consider"
something.

I tried to find something in the newsgroups and I found that:
http://groups.google.com/group/comp....b0666dea7d75fd

But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?

Are you using session_register() or similar functions in your code?

As Daniel said - code would help.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #4

Kurda Yon

On Jan 15, 8:30 pm, thib´ <th...@coralsnake-team.comwrote:

Kurda Yon wrote:
But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?

Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:

..
if( isset($admin) ) {
..}

..

Now:http://mysite.net/myscript.php?admin=1
Here we go.

Is $admin a global variable? I thought that it can be global only
after "global $admin;"-line in the code. Am I wrong? Any variable
which is given to the php-script via the address line will
automatically become global (if register_global is "on")?

Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];

I think I have some problems with the terminology. The above example I
would describe as follow. We have assign to a "normal" variable
($registered_global), a value taken from a session variable
($_SESSION). But you replace "normal" by "global" and "assignment" by
the "registration". Do you consider any "assignment" as the
"registration" or only those "assignment" is a "registration" in which
the value was taken from the $_SESSION?

Jan 16 '08 #5

Kurda Yon

Are you using session_register() or similar functions in your code?

Yes I use the "session_register()". I do not know which part of the
code should I send. It is huge and I have no idea where the problem
starts.

Jan 16 '08 #6

thib´ wrote:

Kurda Yon wrote:
>But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?

Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:

..
if( isset($admin) ) {
..
}
..

Now: http://mysite.net/myscript.php?admin=1
Here we go.

Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];

-thib´

Yes, that's already been discussed. We've moved on. Please don't
confuse him more!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #7

Kurda Yon

..
if( isset($admin) ) {
..}

..

Now:http://mysite.net/myscript.php?admin=1
Here we go.

But even if the register_global is off the following can happen:
if( isset($_GET['admin']) ) {
...}
Now:http://mysite.net/myscript.php?admin=1

Or the ideas is that developer (programmer) will remember that $_GET
is something what is coming from the outside and will never relate the
access with the elements of $_GET?

Jan 16 '08 #8

Kurda Yon wrote:

On Jan 15, 8:30 pm, thib´ <th...@coralsnake-team.comwrote:
>Kurda Yon wrote:
>>But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?
Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:

..
if( isset($admin) ) {
..}

..

Now:http://mysite.net/myscript.php?admin=1
Here we go.

Is $admin a global variable? I thought that it can be global only
after "global $admin;"-line in the code. Am I wrong? Any variable
which is given to the php-script via the address line will
automatically become global (if register_global is "on")?

>Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];

I think I have some problems with the terminology. The above example I
would describe as follow. We have assign to a "normal" variable
($registered_global), a value taken from a session variable
($_SESSION). But you replace "normal" by "global" and "assignment" by
the "registration". Do you consider any "assignment" as the
"registration" or only those "assignment" is a "registration" in which
the value was taken from the $_SESSION?

No - register_globals has nothing to do with variables you specify as
global yourself.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #9

Kurda Yon wrote:

>Are you using session_register() or similar functions in your code?

Yes I use the "session_register()". I do not know which part of the
code should I send. It is huge and I have no idea where the problem
starts.

Start by getting rid of deprecated functions such as session_register.
Just use the $_SESSION array.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #10

Follow-up: "Mouse-Over" Drop-Down Menus

Kurda Yon wrote:

>..
if( isset($admin) ) {
..}

..

Now:http://mysite.net/myscript.php?admin=1
Here we go.

But even if the register_global is off the following can happen:
if( isset($_GET['admin']) ) {
..}
Now:http://mysite.net/myscript.php?admin=1

Or the ideas is that developer (programmer) will remember that $_GET
is something what is coming from the outside and will never relate the
access with the elements of $_GET?

That is true. But $_GET['admin'] is set - not $admin. And the only way
the $_GET array gets populated is by the query string in the uri (unless
you set it yourself - which is a bad idea).

And you know that $_GET['admin'] is coming from the query string. With
register_globals on, $admin could have been set by the session, a
cookie, or get or post parameters. And you have no idea where it came from.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jan 16 '08 #11

Similar topics

2315

by: Larry R Harrison Jr | last post by:

I have them working now, courtesy of the link given in the prior thread--the HVMenu over at Dynamic Drive myself. http://www.dynamicdrive.com I have them working as side-bar menus, not...

Javascript

1692

A "few" old session files never deleted?

by: Jerry Sievers | last post by:

Hello. I have session files stored in a special tmp directory specific to a virtual host instance. The Max_lifetime is long 86400 (1 day) which I don't suppose is the problem. Anyway the...

Bug in Access 2003 ? Error after 380 CreateObject("MAPI.Session")

4179

by: Ottar | last post by:

I've made a program sorting incomming mail in public folder. The function runs every minute by using the form.timer event. In Access XP it runs for weeks, no problem. Access 2003 runs the same...

Microsoft Access / VBA

1277

Universal "Session" Functionality?

by: Steve - DND | last post by:

I'm currently creating an application with an n-tier design(not separate boxes for each layer, just separation of pres/logic/data) that will have both a web and windows interface. I'm trying to...

equivalent C# for VB.NET "Session"

5894

by: dale zhang | last post by:

Hi groups, Can anyone give me the equivalent C# sharp code for this VB.ET code, :: VB.NET :: Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _ Handles...

need guidance on users "session data" management.

1858

by: jensen bredal | last post by:

I need to keep track on user "session data" while still turning session off as i do not want users login to expire? Thanks JB

ASP.NET

3592

Aren't session variable preserved using "Header('Location: xxx')"?

by: lwoods | last post by:

I am trying to pass some info to another page on my site. I set "session_start()" in page 1, assign a session variable to a value, then execute a "header('Location: ....')." But on the target...

"Array to String Conversion" error when constructing a multi-dimensional array

1977

How to "Log Off" a user

by: GaryDean | last post by:

Using 1.1.... I have an application using Forms Authentication that, like all other such applicaitons, uses FormsAuthentication.RedirectFromLoginPage to authenticate a user. at a point in time...

ASP.NET

6246

by: drako | last post by:

Hi, I'm a bit stumped as I am getting a "Notice: Array to String Conversion" error when trying to do something that on the surface should be a very simple task - create an array, and write a set...

Tip about register globals set to "on"

1710

by: sheldonlg | last post by:

I did some coding on a site where register_globals is set to on. The problem I encountered was that the session variable changed without my changing it explicitly. I knew that in register globals...

Problem With Comparison Operator <=> in G++

7321

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

7488

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

General

5623

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

Career Advice

5045

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

Microsoft Access / VBA

4702

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...

transfer the data from one system to another through ip address

3179

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

1544

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...

How to add payments to a PHP MySQL app.

762

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.