2

When I store data in a variable like:

    // inside the login page
    $_SESSION['username'] = $username;
    $_SESSION['user_id'] = $user_id;

and I reference that SESSION on another page like:

    // on the users homepage
    $new_variable = $_SESSION['username'];

it changes its value to something different from the database.

OR for example, if I make a new variable called $user_id

    // creating a new variable in the users inbox
    $user_id = 12312;

it changes the SESSION value to that as well.


Does anyone know where I'm going wrong?

Thank you!

2 Answers

5

Sounds like register_globals is enabled. This means that the $_SESSION and global variables will effectively operate as the same thing. You should set register_globals to Off if you're in control of the hosting, and if not, ask the host. Finally you should probably move hosting, as it's very insecure and difficult to program around safely.

You can demonstrate this problem with other global arrays, including $_GET.

See http://php.net/manual/en/security.globals.php for more details


4 Comments

Thank you. I have to email my host. In a contract with them atm, need to change clearly asap.
Good luck - there are plenty of cheap hosts out there otherwise. Ask to see a phpinfo in advance of signing up!
Also if you have access to using htaccess files maybe "php_flag register_globals off" might work for you.
Yes, I did that (.htaccess). Caused a Server 500 error. But when I removed it, it changed the register_globals to off. I'm not going to ask any questions, just gonna be happy that it finally works :)
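An added illustration of the behaviour described in the answer above (not code from the thread): a startup guard that refuses to run while register_globals is on, followed by a simulation of the aliasing seen in the question. The function names and sample values are assumptions made for this example, and plain arrays stand in for $_SESSION and the global scope.

```php
<?php
// Added example, not code from the thread. Syntax is kept compatible with
// old PHP 5 releases, the only ones where register_globals can be enabled.

// True when this PHP build still has the directive and it is switched on.
function register_globals_enabled()
{
    $value = ini_get('register_globals');   // false when the directive does not exist
    if ($value === false) {
        return false;
    }
    return in_array(strtolower(trim($value)), array('1', 'on', 'yes', 'true'), true);
}

// Simulation (assumption: $session models $_SESSION, $globals models the
// global scope). With register_globals on, each session key and the global
// variable of the same name reference one shared value.
function simulate_register_globals(array $session, $name, $newValue)
{
    $globals = array();
    foreach (array_keys($session) as $key) {
        $globals[$key] = &$session[$key];   // bind by reference, not by copy
    }
    $globals[$name] = $newValue;            // stands for "$user_id = 12312;" in a page
    return $session;                        // the session entry has changed as well
}

// Fail closed before any page logic or output: with the setting on, ordinary
// variable assignments and request parameters can rewrite session state.
if (register_globals_enabled()) {
    error_log('register_globals is On; refusing to run');
    header('HTTP/1.1 500 Internal Server Error');
    exit('Server misconfigured');
}

// Constructed sample data mirroring the question.
$before = array('username' => 'alice', 'user_id' => 7);
$after  = simulate_register_globals($before, 'user_id', 12312);
echo 'session user_id before: ', $before['user_id'], "\n";
echo 'session user_id after:  ', $after['user_id'], "\n";
```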
3

Turn off register_globals in php.ini

2 Comments

This doesn't make sense (in English at least) and isn't really an answer. Stack Overflow isn't just about rep races!
Fixed, sorry, I am Brazilian and I wrote thinking of Portuguese!
