By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,968 Members | 1,684 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,968 IT Pros & Developers. It's quick & easy.

Tip about register globals set to "on"

P: n/a
I did some coding on a site where register_globals is set to on. The
problem I encountered was that the session variable changed without my
changing it explicitly. I knew that in register globals being on, that
all the variables were global variables. What I didn't realize was that
it set up an equivalence such that the variable is an alias for the
session variable with the key name of that variable. That is,
$_SESSION['key'] is the same as $key.

I got around the problem by changing the key of the the session variable
to something unique.

Here is a little test script:
<?php
session_start();
$_SESSION['company'] = 'This';
print '1: ' . $_SESSION['company'] . '<br>';
$company = 0;
print '2: ' . $_SESSION['company'] . '<br>';
$_SESSION['company'] = 'This';
print '3: ' . $_SESSION['company'] . '<br>';
$company = 'That';
print '4: ' . $_SESSION['company'];
$foo = 'Foo';
print '5: ' . $_SESSION['foo'] . '<br>';
?>

Here is the output:
1: This
2: 0
3: This
4: That
5: Foo
Oct 12 '08 #1
Share this Question
Share on Google+
2 Replies


P: n/a
What's the question?

I would recommend against using register_globals anyway. The directive
is deprecated and due for removal as of PHP 6 as it has security
vulnerabilities.

Oct 12 '08 #2

P: n/a
macca wrote:
What's the question?
Read the subject title! I am passing on a little personal experience,
and not asking a question.
>
I would recommend against using register_globals anyway. The directive
I agree totally, however it is not always under our control to make that
decision. Many places will not change because it would break too many
existing applications.
is deprecated and due for removal as of PHP 6 as it has security
vulnerabilities.
.....and that might hinder acceptance of PHP 6 if it will force turning
it off. That is for the reason I gave above.
>
Oct 12 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.