|
|
Posted by Name on 09/06/05 17:59
Alvaro G Vicario <alvaro_QUITAR_REMOVE@telecomputer.com> wrote in
news:lmlwhwjxlhfc.tlwx4ywjbhn3.dlg@40tude.net:
> *** Name wrote/escribiσ (Fri, 02 Sep 2005 16:07:00 GMT):
>> <?
>> session_start();
>> session_register("count");
>> $count=$count+1;
>
> You modify $count *after* storing it in session data?
>
>> echo $count;
>> ?>
> [...]
>> session.register_globals=1
>
>> When I run this, count always displays as 1.
>
> From manual:
>
> "If you want your script to work regardless of register_globals, you
> need to instead use the $_SESSION array as $_SESSION entries are
> automatically registered. If your script uses session_register(), it
> will not work in environments where the PHP directive register_globals
> is disabled."
>
> I particularly find it very easy to write insecure scripts when
> register_globals is set to 'on' so I always use $_SESSION. I don't
> think it worth trying to debug a script that relies on
> register_globals.
>
>
Sorry, but I did read this part of the manual. Maybe I'm
misunderstanding it.
I thought, since I have register_globals set to "1," that I was okay.
In any event, using $_SESSION fixes my sample. However, my production
script
already uses $_SESSION, so I have nothing I can change (it also has
register_globals=1)
there. I can't post my production script (you wouldn't want it anyway.
It is about a
thousand lines long [don't look at me. I didn't design the
monstrosity.]).
I guess, at this point, I'm on my own again. If I figure out what is
happening and get
things running, I'll post the solution.
Thanks,
Vincent
[Back to original message]
|