Posted by Ian B on 10/25/05 14:46

Hi Nicole,

Yep you would get the same result because $_session is different from
$_SESSION

PHP variables are case sensitive

As Hilarion said, you are using the old way of accessing variables.

It is better to use the format $_SESSION['country'] for a number of
reasons:

* Having started a session with session_start(), you don't need to
register any variable
* It is independent of "register_globals" - whatever this setting is,
you can always access $_SESSION['country']
* register_globals = On is dangerous because it can mask or be masked
by other variable
* register_globals = On is dangerous because users can add variables
to the query string and override stuff you thought was safe

Think of it like this:

* The first time a browser window calls session_start(), PHP goes off
to find the session variables, finds none and gives you an empty
$_SESSION array.

* You can amend $_SESSION vars by assigning values to them. If they
don't exist, they will be created.

* PHP makes sure that these values are always saved

* The next time that the same browser window calls session_start(), PHP
creates the $_SESSION array and loads the existing values, so you have
them back again.

$_SESSION vars are available from within functions

Nice and simple if you leave it at that.

With register_globals = On, PHP creates an $var for every
$_SESSION['var']. These are not available within function unless you
use "global $var", so "$var m= 27;" within a function will create a
local $var which will mask your session $var

Setting $HTTP_SESSION_VARS ["country"] = $country; means that anything
you do to $country will be done to $HTTP_SESSION_VARS ["country"] since
they are now one and the same (I think)

BUT...$country still has the same scope that any other $var has, so if
you do $HTTP_SESSION_VARS ["country"] = $country; within a function,
$country disappears when the function ends ($HTTP_SESSION_VARS
["country"] remains, though)


Simple answer: Stick with $_SESSION['country'] - it's simpler, obvious,
and a lot safer

Ian

• Next in forum: Function to seek a substring in a string
• Prev in forum: Re: Problem with session variables?
• Thread view: Re: Problem with session variables?

[Reply to this message]