Reputation: 479
PHP Session variables automatically assigned to regular variables
I'm hosted at IX webhosting, and I came across something that struck me as strange. All my $_SESSION variables are automatically assigned to a regular variable of the same name. Is that normal PHP behavior? I looked it up in the php.net manual and didn't find an answer. Here's an example script:
<?php
$_SESSION['myvar'] = "hello";
echo $myvar; // after a page refresh, displays hello
$myvar = "goodbye";
echo $_SESSION['myvar']; // displays goodbye
?>
On my localhost I get an error msg in the likes of undefined variable: $myvar but at IX, the script works! Hazardous or normal PHP behavior? Thanks in advance.
Upvotes: 3
Views: 324
Answers (1)
Reputation: 180917
This "feature" controlled by a php.ini directive called register_globals. It has been disabled by default since PHP 4.2 and totally removed in PHP 5.4.
Unless you have legacy code depending on it, I would sincerely recommend that you turn it off if you can. Suffice to say, the security implications are pretty major.
Upvotes: 3
Related Questions
- Session variables change in PHP
- php session and other variable bug, it is normal?
- Weird PHP session
- php session variables wierd behaviour
- PHP $_SESSION variables randomly get overwritten?
- Session variables being overwritten
- PHP variables overwriting the whole session?
- Session values can overwrite local variables
- PHP Session variable changes when i reference it
- $_SESSION variables being controlled by PHP configuration?