Reputation: 191
Why Does "GET" Override "SESSION"
In the code:
<?php
session_start();
$_SESSION['id'] = 14;
if(isset($_GET['id']))
{
$id = $_GET['id'];
}
else
{
$id = $_SESSION['id'];
}
echo $id;
echo "<br>";
echo $_SESSION['id'];
?>
Why is the second value echoed out always equal the GET variable (assuming there is one set)? Is this a misconfiguration or am I missing something?
Upvotes: 2
Views: 309
Answers (1)
Reputation: 31823
My magic crystal ball says that you have the register_globals setting turned on. check it by calling phpinfo()
When register_globals is on, $foo and $_SESSION['foo'] are references to each other, but only if $foo is in the global scope. This means assigning a value to either of them, causes the other to update. Think of them as being the exact same variable.
That setting is ancient. If I remember correctly, the references between $foo and $_SESSION['foo'] will only be established after one of:
- immediately after calling session_start() IF $_SESSION['foo'] existed in the session.
- immediately after assigning any value to $_SESSION['foo']
- immediately after calling session_register('foo')
You should strongly consider disabling register_globals. unexpected program behavior just like this is the very reason the setting was discouraged, and eventually totally removed from php.
Upvotes: 6
Related Questions
- How to use $_GET?
- PHP $_SESSION is working but can't get $_GET to work
- Session only recognized after a $_GET or $_POST is set
- Turning a GET variable into a session variable
- PHP session variables and GET request
- Php session variable instead of GET method
- get or session?
- SESSION problem when using GET method in php
- $_get and session. Can't get it to work
- PHP - how to use a session in place of the GET var