PHP adds hidden value

**Rik** · Jul 30 '06, 07:05 AM

Re: PHP adds hidden value

Ernestino wrote:

Hallo, just today, trying to validate the code of a site of mine
written in php, I discovered that is segnalled the presence of this
line:
>
<input type="hidden" name="PHPSESSID "
value="c108f42e 24e7111ec399772 308b24cb3" />
>
line that in the source code doesn't exist, I have checked and checked
again. Is it possibile some strange thing? Could I avoid it? For when
I try to validate the page, such page is indicated as containing an
error
>
But stranger again, the same script if executed on a Linux Server
doesn't show this strange behaviour.

session.use_onl y_cookies ?

Grtz,
--
Rik Wasmus

**Carl Vondrick** · Jul 30 '06, 07:45 AM

Re: PHP adds hidden value

But stranger again, the same script if executed on a Linux Server doesn't

show this strange behaviour.

This is because you are using sessions, and PHP is automatically
rewriting your forms--the session ID must be transmitted some how.

If you want to remove the rewriting, you should use cookies.

Carl Vondrick

**Ernestino** · Jul 30 '06, 08:15 AM

Re: PHP adds hidden value

Il Sun, 30 Jul 2006 07:45:06 +0000, Carl Vondrick ha scritto:

>[testo citato nascosto]

>
This is because you are using sessions, and PHP is automatically
rewriting your forms--the session ID must be transmitted some how.
>
If you want to remove the rewriting, you should use cookies.
>

Ok, but, as I wrote, the same script if executed on a Linux Server doesn't
show this strange behaviour.

Francesco

**Toby Inkster** · Jul 30 '06, 08:55 AM

Re: PHP adds hidden value

Ernestino wrote:

Ok, but, as I wrote, the same script if executed on a Linux Server doesn't
show this strange behaviour.

Form rewriting is an *option* in PHP. It seems that this option is
configured differently on your two different servers.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

**Ernestino** · Jul 30 '06, 01:45 PM

Re: PHP adds hidden value

Il Sun, 30 Jul 2006 09:56:57 +0100, Toby Inkster ha scritto:

Ernestino wrote:
>

>[testo citato nascosto]

>
Form rewriting is an *option* in PHP. It seems that this option is
configured differently on your two different servers.

Well, is there a way to solve this "strange" problem? I am not able to
configure php for web servers are not running on my computer.

Francesco

**Richard Levasseur** · Jul 30 '06, 08:55 PM

Re: PHP adds hidden value

Ernestino wrote:

Il Sun, 30 Jul 2006 09:56:57 +0100, Toby Inkster ha scritto:
>

Ernestino wrote:

[testo citato nascosto]

Form rewriting is an *option* in PHP. It seems that this option is
configured differently on your two different servers.

>
Well, is there a way to solve this "strange" problem? I am not able to
configure php for web servers are not running on my computer.
>
Francesco

Edit the php.ini file

I would provide a link but I cannot get the PHP site to load for me
currently. One of the parents posted the ini setting to change too.

**Carl Vondrick** · Jul 30 '06, 11:05 PM

Re: PHP adds hidden value

Well, is there a way to solve this "strange" problem? I am not able to
configure php for web servers are not running on my computer.

Are you starting your sessions AFTER output?

Example:
Hello!
<?php
session_start() ;
/* do stuff */
?>

This will cause PHP to rewrite. If you do this, however, you will avoid
that:
<?php
session_start() ;
?>
Hello!
<?php
/* do stuff */
?>

Carl

**Ernestino** · Jul 31 '06, 07:25 AM

Re: PHP adds hidden value

<?php

session_start() ;
?>
Hello!
<?php
/* do stuff */
?>
>
Carl

No. I use the second one.

Francesco

**Toby Inkster** · Jul 31 '06, 07:55 AM

Re: PHP adds hidden value

Ernestino wrote:

Well, is there a way to solve this "strange" problem? I am not able to
configure php for web servers are not running on my computer.

You can toggle PHP options from *within* the PHP code, or from .htaccess
files.

PHP: ini_set - Manual

http://uk.php.net/function.ini-set

Sets the value of a configuration option

PHP: How to change configuration settings - Manual

http://uk.php.net/configuration.changes

How to change configuration settings

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

**Ernestino** · Jul 31 '06, 10:45 AM

Re: PHP adds hidden value

Il Sun, 30 Jul 2006 09:07:41 +0200, Rik ha scritto:

Ernestino wrote:

>[testo citato nascosto]

>
session.use_onl y_cookies ?
>

I have printed this value, and it is false.

Francesco

**Richard Levasseur** · Jul 31 '06, 02:35 PM

Re: PHP adds hidden value

Ernestino wrote:

Il Sun, 30 Jul 2006 09:07:41 +0200, Rik ha scritto:
>

Ernestino wrote:

[testo citato nascosto]

session.use_onl y_cookies ?

I have printed this value, and it is false.
>
Francesco

It should be true

**Ernestino** · Jul 31 '06, 02:35 PM

Re: PHP adds hidden value

Il Mon, 31 Jul 2006 07:38:48 -0700, Richard Levasseur ha scritto:

Ernestino wrote:

>[testo citato nascosto]

>
It should be true

Well, and what if the user has cookies disabled?

Francesco

**Ivan Marsh** · Jul 31 '06, 03:15 PM

Re: PHP adds hidden value

On Sun, 30 Jul 2006 06:54:43 +0000, Ernestino wrote:

Hallo, just today, trying to validate the code of a site of mine written
in php, I discovered that is segnalled the presence of this line:
>
<input type="hidden" name="PHPSESSID "
value="c108f42e 24e7111ec399772 308b24cb3" />
>
line that in the source code doesn't exist, I have checked and checked
again. Is it possibile some strange thing?

That's the session tracking variable.

You either have sessions autostarting or you manually started one.

--
The USA Patriot Act is the most unpatriotic act in American history.
Feingold-Obama '08 - Because the Constitution isn't history,
It's the law.

**Rik** · Jul 31 '06, 03:45 PM

Re: PHP adds hidden value

Ernestino wrote:

Il Mon, 31 Jul 2006 07:38:48 -0700, Richard Levasseur ha scritto:
>

>Ernestino wrote:

>>[testo citato nascosto]

>>
>It should be true

>
Well, and what if the user has cookies disabled?

Then the session should either break or be propagated in the URL or in the
POST values, as per the session.use_tra ns_sid and url_rewriter.ta gs
settings. The choice is up to the developer. That's why PHP adds your hidden
field.

Check the settings I mentioned, those will most likely be different on the
different servers.

Grtz,
--
Rik Wasmus

PHP adds hidden value

PHP adds hidden value

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment