Superglobals being changed indirectly?



Keleth
02-29-2012, 05:36 PM
I was wondering if anyone knows if there is a setting where PHP tries to be "smart" and change a superglobal when the element of the superglobal is accessed as a local variable with the same name.

I currently have code where I have a session variable called 'memberID'. If I assign $memberID, it changes the value of the session variable. Hopefully this example will explain.



// Session is defined up here. Let's say $_SESSION['memberID'] = 1 up here.

echo $_SESSION['memberID']; // Shows 1
$memberID = $pathOptions[1]; // $pathOptions is just the URL exploded on the slash '/'; in this case, let's say $pathOptions[1] = 2
echo $_SESSION['memberID']; // Shows 2 now


I've had something similar happen when I had a POST variable called 'imageID' which I forgot to store to $imageID, but when I called $imageID later, it pulled the correct value.

The code above is directly copied out of what I have running and operates just as described. I can't figure it out.

Fou-Lu
02-29-2012, 06:15 PM
Is this the first place that $memberID has been assigned a value?

Keleth
02-29-2012, 06:29 PM
Yes, first place.

The code above the echo shown is standard header stuff for the page (e.g., define session, verify user, etc.). Everything is done within functions, so there is nothing even on the scope of $memberID as defined there (though the variable $memberID is never defined prior to that call).

Fou-Lu
02-29-2012, 08:15 PM
How is the memberID set to the session; just as $_SESSION['memberID'] = 1, or as session_register('memberID')?
Looks to me that $memberID is a reference to $_SESSION['memberID']. I'll test it later, but I'm pretty sure that register_globals are not created by-reference.

Keleth
02-29-2012, 09:35 PM
It's being set as $_SESSION['memberID'] = 1.

At no point did I directly set it by reference, though it clearly looks like that's what it is. I wasn't aware of the register_globals setting, that's interesting... however, from a cursory look, it doesn't seem it does it by reference, though it may. This may be the culprit, and if so, I'm outta luck... can't change the .ini on the server I'm using.

Fou-Lu
02-29-2012, 09:45 PM
I'll check it out later, but like I said I don't think that registered globals are references. You can disable it anyway; you can use .htaccess to change it on a module build, or a custom php.ini on a cgi build.

Keleth
02-29-2012, 11:46 PM
Ah... not sure which the server I'm on runs, I'll see if I can find out.

Fou-Lu
03-01-2012, 04:56 AM
So I can verify that register_globals are not passed by reference, which is what I figured.
Since I cannot replicate this, you will need to post all the code in use including any included files.
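
Added example, not part of the thread and not either poster's code: a PHP diagnostic that reports whether register_globals is on and which $_SESSION keys share storage with a same-named global variable, which is the condition that would let a URL-derived $memberID overwrite the session's member ID. The helper name find_session_aliases() is hypothetical, and the session contents and the reference assignment are constructed to simulate the behaviour described.

```php
<?php
// Added example, not code from the thread. find_session_aliases() is a
// hypothetical helper name; the session contents below are constructed.

// Return the $_SESSION keys whose same-named global variable is a PHP
// reference to the session entry, so that assigning one changes the other.
function find_session_aliases()
{
    $aliased = array();
    foreach (array_keys($_SESSION) as $key) {
        if (!is_string($key) || !array_key_exists($key, $GLOBALS)) {
            continue; // no global with this name, nothing to collide with
        }
        $saved = $GLOBALS[$key];          // value copy, used to restore
        $probe = new stdClass();          // unique marker object
        $GLOBALS[$key] = $probe;          // write through the global name
        $isAlias = ($_SESSION[$key] === $probe);
        $GLOBALS[$key] = $saved;          // also restores the session entry if aliased
        if ($isAlias) {
            $aliased[] = $key;
        }
    }
    return $aliased;
}

// ini_get() returns false when the directive does not exist (PHP 5.4+).
$registerGlobals = filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);

// Constructed session state standing in for the thread's scenario.
$_SESSION = array('memberID' => 1, 'theme' => 'dark');
$memberID = &$_SESSION['memberID'];   // simulate the suspected aliasing
$theme = 'light';                     // same name, but an independent copy

echo 'register_globals: ', $registerGlobals ? 'on' : 'off', "\n";
echo 'aliased keys: ', implode(', ', find_session_aliases()), "\n";
echo 'memberID still ', $_SESSION['memberID'], ', theme still ', $theme, "\n";
```

To use it on a real page, drop the three constructed lines and call find_session_aliases() after the session has been started; any key it returns should not be reused as a variable name for untrusted input.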


