uniflare Posted January 25, 2009 Share Posted January 25, 2009 hmm It would be the "Register_Globals" php ini directive, if set to true, any $_REQUEST (and im sure $_SESSION) data gets automatically put into a global variable. Register Globals is quite a common securit flaw for beginners as it seems easier to use it, but for best practice you should try not to rely on global variables (only some safe environment variables). http://uk.php.net/register_globals For more information. Quote Link to comment Share on other sites More sharing options...
uniflare Posted January 25, 2009 Share Posted January 25, 2009 there is also this interesting comment on that page: BEWARE of using register_globals = On, it's not only bad karma but highly dangerous. Consider the following coding: <?php // assume $_SESSION['user'] = array('Hello', 'World'); // assume session_start() was called somewhere before. print('<pre>Contents of array $_SESSION[\'user\']'); print_r($_SESSION['user']); print('<hr>Contents of array $user (PHP SETUP register_globals = On)'); print_r($user); print('</pre>'); ?> If you manipulate $user you'll manipulate $_SESSION['user'] as well with PHP SETUP register_globals = On. So please avoid it at any cost, no serious programmer would ever want to have register_globals = On. Quote Link to comment Share on other sites More sharing options...
nati Posted January 25, 2009 Author Share Posted January 25, 2009 I understand now, tnx a lot! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.