darp Posted December 30, 2007 Share Posted December 30, 2007 Is this normal behavior? PHP 5 Apache Server on a Linux box. Browser: Firefox. fileone.php <form action="filetwo.php" method="post" > <input type="radio" name="input" value="go" />GO <input type="radio" name="input" value="stop" />STOP <input type="submit" /> </form> ************************ filetwo.php <form action="filethree.php" > <?php session_start(); //go or stop $_SESSION["input"] = $_POST["input" ]; if ( $_SESSION["input" ] == 'go' ) { $input = "You may go!<br />"; } else { $input = "You have been stopped!<br />"; } echo $_SESSION["input"]; //the first time echos "go" or "stop", depending on user input. echo $input; //the first time echos "You may go!" or "You have been stopped!", depending on user input. ?> <input type="submit" /> </form> ************************ filethree.php <?php session_start(); echo $input; //the first time echos "go" or "stop", depending on user input. ?> //How did $input become a superglobal with the value of $_SESSION["input"]? ************************** Now, if I hit the browser back button filetwo.php gives these results: filetwo.php <form action="filethree.php" > <?php session_start(); //go or stop $_SESSION["input"] = $_POST["input" ]; if ( $_SESSION["input" ] == 'go' ) { $input = "You may go!<br />"; } else { $input = "You have been stopped!<br />"; } echo $_SESSION["input"]; // echos "You may go!" or "You have been stopped!", depending on user input. // When/How did the value of $_SESSION["input"] get changed? Shouldn't it remain "go" or "stop"? echo $input; //echos "You may go!" or "You have been stopped!", depending on user input. ?> <input type="submit" /> </form> ******************* Now, if I re-submit filethree.php gives me: filethree.php <?php session_start(); echo $input; //Now it echos "You may go!" or "You have been stopped!", depending on user input. ?> //How did $input become a superglobal with the value of $_SESSION["input"]? This only works this way if the key of $_SESSION is the same as the variable ( minus the $ symbol ). Is this normal? It doesn't seem right to me. I can't see how the variable in filethree.php becomes a superglobal or how the value of $_SESSION gets changed. Can anyone fill me in on what I should understand or know about $_SESSION and the back button? Quote Link to comment Share on other sites More sharing options...
tapos Posted December 30, 2007 Share Posted December 30, 2007 Please check your register_globals option. I think this is on. So it shows that type of output -- Thanks Tapos Pal Quote Link to comment Share on other sites More sharing options...
darp Posted December 30, 2007 Author Share Posted December 30, 2007 Interesting. Thank You. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted December 30, 2007 Share Posted December 30, 2007 As tapos wrote, you will find that register globals are on. Turn them off, for two reasons - 1) Your code will start behaving as expected, and 2) Register globals were turned off by default in php4.2 in the year 2002 because they were just a lazy way shortcut that was a huge blunder and a security problem. No new code, books, tutorials... should have been written after that point that relied on register globals being on. Register globals have been completely eliminated in php6 and any code that relies on them will need to be fixed in order to work under php6. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.