What? Assigning a session variable also assigns the local variable?

  • thecrow

    What? Assigning a session variable also assigns the local variable?

    Alright, what the hell is going on here?

    In the following code, I expect the printed result to be:
    DEBUG: frank's last name is burns.

    Instead, what I get is:
    DEBUG: frank's last name is burns.

    Here is the code:
    $frank = "burns";
    $_SESSION['frank'] = "black";
    echo "DEBUG: frank's last name is is $frank";

    What is coming into play here? I thought of register_globals but I
    thought that only dealt with GET, POST, REQUEST, etc.

  • Erwin Moller

    #2
    Re: What? Assigning a session variable also assigns the local variable?

    thecrow wrote:
    > Alright, what the hell is going on here?
    >
    > In the following code, I expect the printed result to be:
    > DEBUG: frank's last name is burns.
    >
    > Instead, what I get is:
    > DEBUG: frank's last name is burns.

    That is then exactly what you wanted. :P
    >
    > Here is the code:
    > $frank = "burns";
    > $_SESSION['frank'] = "black";
    > echo "DEBUG: frank's last name is is $frank";

    So what is your problem?
    $frank contains "burns", so what else should PHP print?

    If you want the content for the session-var 'frank', use it.
    Like:
    echo "DEBUG: frank's last name is is ".$_SESSION['frank'];
    >
    > What is coming into play here? I thought of register_globals but I
    > thought that only dealt with GET, POST, REQUEST, etc.

    Indeed.

    Go get a cup of coffee.
    You are just being sloppy. :-)

    Regards,
    Erwin Moller

    Comment

    • Ramius

      #3
      Re: What? Assigning a session variable also assigns the local variable?

      Erwin Moller wrote:
      > thecrow wrote:
      >
      > > Alright, what the hell is going on here?
      > >
      > > In the following code, I expect the printed result to be:
      > > DEBUG: frank's last name is burns.
      > >
      > > Instead, what I get is:
      > > DEBUG: frank's last name is burns.
      >
      > That is then exactly what you wanted. :P
      >
      > >
      > > Here is the code:
      > > $frank = "burns";
      > > $_SESSION['frank'] = "black";
      > > echo "DEBUG: frank's last name is is $frank";
      >
      > So what is your problem?
      > $frank contains "burns", so what else should PHP print?
      >
      > If you want the content for the session-var 'frank', use it.
      > Like:
      > echo "DEBUG: frank's last name is is ".$_SESSION['frank'];
      >
      > >
      > > What is coming into play here? I thought of register_globals but I
      > > thought that only dealt with GET, POST, REQUEST, etc.
      >
      > Indeed.
      >
      > Go get a cup of coffee.
      > You are just being sloppy. :-)
      >
      > Regards,
      > Erwin Moller

      I think thecrow meant to say:
      > > In the following code, I expect the printed result to be:
      > > DEBUG: frank's last name is burns.
      > >
      > > Instead, what I get is:
      > > DEBUG: frank's last name is black.
      > >
      > > Here is the code:
      > > session_start();
      > > $frank = "burns";
      > > $_SESSION['frank'] = "black";
      > > echo "DEBUG: frank's last name is is $frank";


      I tried this test with register_globals turned on and turned off. With
      it on, I got what thecrow got. With it off, I got what thecrow had
      hoped for. So yes, register_globals is the culprit.

      It makes sense for $_SESSION to trump other variables when
      register_globals is turned on. Imagine if a malicious user passed
      "user_level=admin" on the query string. And in that PHP page, you
      populated $_SESSION['user_level'] with the result of a database query.
      What would you like to see when accessing $user_level? The data you
      explicitly put into $_SESSION or the data the malicious user passed to
      your script?

      It is because of the confusing and possibly dangerous side-effects of
      register_globals that it was disabled by default as of PHP 4.2.0.

      Comment
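
The aliasing described in the last reply, modelled in plain PHP as an added example (not code from the thread). register_globals was removed in PHP 5.4.0, so the import is simulated; simulate_register_globals() and all sample values are constructed, and cases 1 and 2 assume the session entry already exists when the request starts.

```php
<?php
// Simplified model, not PHP's own implementation: register_globals was
// removed in PHP 5.4.0, so the import is simulated with arrays.
// All names and values here are constructed for illustration.

// Request values are copied in first; session entries are then bound by
// reference, so the session value wins and the name aliases the session.
function simulate_register_globals(array $get, array &$session): array
{
    $vars = $get;                          // client-controlled copies
    foreach ($session as $name => &$value) {
        $vars[$name] = &$value;            // alias, replaces any GET value
    }
    unset($value);                         // drop the loop reference
    return $vars;
}

// Case 1: the thread's snippet, with 'frank' already in the session.
$session = ['frank' => 'old'];
$vars = simulate_register_globals([], $session);
$vars['frank'] = 'burns';                  // $frank = "burns";
$session['frank'] = 'black';               // $_SESSION['frank'] = "black";
echo "frank: {$vars['frank']}\n";

// Case 2: user_level=admin on the query string, session says "guest".
$session = ['user_level' => 'guest'];
$vars = simulate_register_globals(['user_level' => 'admin'], $session);
echo "user_level: {$vars['user_level']}\n";

// Case 3: same request before any session entry exists. The bare variable
// holds only the client's value, so trust decisions should read $_SESSION.
$session = [];
$vars = simulate_register_globals(['user_level' => 'admin'], $session);
echo "bare variable: {$vars['user_level']}\n";
echo 'session lookup: ' . ($session['user_level'] ?? 'unset') . "\n";
```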
