Can a form change session variables?

Hi,

In the first page I declare a session variable. Than, on the same
page, I make a form which contains a variable which has the same name
as the mentioned session variable. Pressing the "submit" button of the
form I go to the second page which immediately redirects me back to
the first page (with the "header"). And the mentioned variable does
NOT have the value which I have specified in the form.

It means, that session does NOT recognize the form variables as
session variables in spite on the fact that these variables have
identical names. Is that true?

Re: Can a form change session variables?

thanks to PHP's globals

Re: Can a form change session variables?

On Jan 12, 9:54 pm, "Peter Pei" wrote:
> thanks to PHP's globals

What do you mean?

Re: Can a form change session variables?

On 13 Jan., 03:51, Kurda Yon wrote:

> In the first page I declare a session variable. Than, on the same
> page, I make a form which contains a variable which =A0has the same name

PHP does not automaticall register variables with your session.

Please review http://de.php.net/manual/en/ref.session.php for details.

Do you access your (expected) form/session variable like this:
$_SESSION['count'] ?

Re: Can a form change session variables?

version? setting? did you ask? obviously possible

Re: Can a form change session variables?

Kurda Yon wrote:
> Hi,
>
> In the first page I declare a session variable. Than, on the same
> page, I make a form which contains a variable which has the same name
> as the mentioned session variable. Pressing the "submit" button of the
> form I go to the second page which immediately redirects me back to
> the first page (with the "header"). And the mentioned variable does
> NOT have the value which I have specified in the form.
>
> It means, that session does NOT recognize the form variables as
> session variables in spite on the fact that these variables have
> identical names. Is that true?
>

It used to - there is a parm in the php.ini file called register_globals.

In earlier versions, this was enabled and would do what you want.
However, this is a huge security risk and has been disabled by default
in recent versions.

It's simple to get the variable from the session, though.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Can a form change session variables?

On Jan 12, 9:57 pm, seaside wrote:
> On 13 Jan., 03:51, Kurda Yon wrote:
>
> > In the first page I declare a session variable. Than, on the same
> > page, I make a form which contains a variable which has the same name
>
> PHP does not automaticall register variables with your session.
>
What do you mean under "PHP ... register"? I have registered variables
by "session_register".

> Please reviewhttp://de.php.net/manual/en/ref.session.phpfor details.
>
> Do you access your (expected) form/session variable like this:
> $_SESSION['count'] ?
No. I do like that:
session_start();
session_register("txt_l_1");
...........
print "\n";

Re: Can a form change session variables?

> It's simple to get the variable from the session, though.
I do not mind if the user know all session variables there is only
HIS personal information. Or you mean "simple to get for the third
part"?

Re: Can a form change session variables?

Kurda Yon wrote:
>> It's simple to get the variable from the session, though.
> I do not mind if the user know all session variables there is only
> HIS personal information. Or you mean "simple to get for the third
> part"?
>

The user has no knowledge of anything in the session (other than the
session name), since everything is on the server (and thus unavailable
to the user).

And yes, you stored the value in the session, so it's easy to retrieve
it from the session whenever you need it. It will be there until either
you clear it or the session is ended.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Can a form change session variables?

register_global is actually broken in 5.2.5, set it to off and it still acts
as if on.

Re: Can a form change session variables?

Peter Pei wrote:
> register_global is actually broken in 5.2.5, set it to off and it still
> acts as if on.
>

If that were the case I would expect to see a bug report at php.net.
There isn't one.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Can a form change session variables?

Unless I totally misunderstood... if I set register_globals to off, and set
$_SESSION['foo'] = 1, I should not be able to access $foo, eight? but I can.
am using win2000 + .2.5

Re: Can a form change session variables?

Peter Pei wrote:
> Unless I totally misunderstood... if I set register_globals to off, and
> set $_SESSION['foo'] = 1, I should not be able to access $foo, eight?
> but I can. am using win2000 + .2.5
>

Sure you can. The two have no relationship to each other.

$_SESSION['foo'] is an element of the $_SESSION array with the index of
'foo'.

$foo is a variable named 'foo'.

The only thing they have in common is an 'f' and two 'o's.

And please learn to quote properly.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Can a form change session variables?

you missed the point, they share value, change one, the other one changed to
the same value. you obviously didn't understand this side of php

Re: Can a form change session variables?

On Jan 13, 12:06 am, "Peter Pei" wrote:
> you missed the point, they share value, change one, the other one changed to
> the same value. you obviously didn't understand this side of php


> "Sure you can. The two have no relationship to each other.

> $_SESSION['foo'] is an element of the $_SESSION array with the index of
'foo'."


I agree with jerry stuckle


$_SESSION is different from $foo;
$_SESSION is different from $_GET['foo'];
$_GET['foo'] is the same with $foo (if register_global is on, if not
they are different.)

the only relationship with session with $foo or $_GET['foo'], they are
both variables in php.
session used to store variables like $foo, $_GET['foo'] on current
session. thats why we have
session_register(); to register variable on session. coz they are
different.

if they are not different, they will not provide session_register...

Re: Can a form change session variables?

> you missed the point, they share value, change one, the other one changed to
> the same value. you obviously didn't understand this side of php

------------------------------------------------------------ ----------------------

> "Sure you can. The two have no relationship to each other.
> $_SESSION['foo'] is an element of the $_SESSION array with the index of

'foo'."

I agree with jerry stuckle

$_SESSION is different from $foo;
$_SESSION is different from $_GET['foo'];
$_GET['foo'] is the same with $foo (if register_global is on, if not
they are different.)

the only relationship with session with $foo or $_GET['foo'] : they
are both variables in php.
session used to store variables like $foo/$_GET['foo'] on current
session. thats why we have session_register();
to register variable on session. coz they are different.

if they are not different, then they will not provide
session_register...

Re: Can a form change session variables?

Peter Pei wrote:
> you missed the point, they share value, change one, the other one
> changed to the same value. you obviously didn't understand this side of php
>

I missed what point? You didn't quote the relevant points of my
message, so I have no idea what you're talking about.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Can a form change session variables?

I don't quote. It is more important to know what I said, not what you said.

Re: Can a form change session variables?

don't agree with anyone, test it yourself.

Re: Can a form change session variables?

Peter Pei wrote:
> I don't quote. It is more important to know what I said, not what you said.
>

Then don't expect to get answers on this newsgroup.

What you say has absolutely no importance at all.



--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Can a form change session variables?

to be more precise... I tested both 2000 and vista, they behaved
differently. register_globals is broken on 2000, but not vista

Re: Can a form change session variables?

I wasn't the OP, so I am not trying to get any help. I am here to give help.

Re: Can a form change session variables?

..oO(Peter Pei)

>I don't quote. It is more important to know what I said, not what you said.

It's hard to follow a thread without any quoting. Too much quoting is
bad, but too less or no quoting at all is even worse. You want to read
about the netiquette.

Micha