Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

dbf2mysql parameter, WWWXXXAPC, wwwxxxAPC, How to unsubscrube from dategen spam, docmd.close 2585, WWWXXXDOCO, nu vot, dhcpd lease file "binding state", WWWXXXDOCO, how to setup procmail to process html2text

Links

XODOX
Impressum

#1: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:11:59 by kurdayon

Hi,

I set the register_globals off and try to get my code working under
the new conditions. I stuck on the following problem:

Warning: Unknown(): Your script possibly relies on a session side-
effect which existed until PHP 4.2.3. Please be advised that the
session extension does not consider global variables as a source of
data, unless register_globals is enabled. You can disable this
functionality and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0

I have no idea what they understand under the "session side-effect" as
well as "session extension" and how this "extension" can "consider"
something.

I tried to find something in the newsgroups and I found that:
http://groups.google.com/group/comp.lang.php/browse_thread/t hread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Pleas e+be+advised+that+the+session+extension+does+not+consider+gl obal+variables+as+a+source+of+data#c3b0666dea7d75fd

But I am not sure that I correctly understand the suggested solution
of the problem. I should replace all global variables which I care
about by "normal variables"? I.e. $varname = global-array[$varname].
Why I cannot use the global variables directly?

Report this message

#2: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:18:56 by Daniel Ennis

Kurda Yon wrote:
> Hi,
>
> I set the register_globals off and try to get my code working under
> the new conditions. I stuck on the following problem:
>
> Warning: Unknown(): Your script possibly relies on a session side-
> effect which existed until PHP 4.2.3. Please be advised that the
> session extension does not consider global variables as a source of
> data, unless register_globals is enabled. You can disable this
> functionality and this warning by setting session.bug_compat_42 or
> session.bug_compat_warn to off, respectively. in Unknown on line 0
>
> I have no idea what they understand under the "session side-effect" as
> well as "session extension" and how this "extension" can "consider"
> something.
>
> I tried to find something in the newsgroups and I found that:
> http://groups.google.com/group/comp.lang.php/browse_thread/t hread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Pleas e+be+advised+that+the+session+extension+does+not+consider+gl obal+variables+as+a+source+of+data#c3b0666dea7d75fd
>
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?

Your going to need to paste us some of the code. Kind of hard to tell
what its not liking without seeing it.

--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years
daniel@fanetworks.net

Report this message

#3: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:30:45 by thyb0

Kurda Yon wrote:
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?

Yes, the subject has been discussed here recently. I'll past the classic
example for you to understand quickly:

...
if( isset($admin) ) {
..
}
...

Now: http://mysite.net/myscript.php?admin=1
Here we go.

Thus, globals aren't registered automatically anymore, you have to do it
yourself: $registered_global = $_SESSION['unregistered_global'];

-thib´

Report this message

#4: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:37:03 by Jerry Stuckle

Kurda Yon wrote:
> Hi,
>
> I set the register_globals off and try to get my code working under
> the new conditions. I stuck on the following problem:
>
> Warning: Unknown(): Your script possibly relies on a session side-
> effect which existed until PHP 4.2.3. Please be advised that the
> session extension does not consider global variables as a source of
> data, unless register_globals is enabled. You can disable this
> functionality and this warning by setting session.bug_compat_42 or
> session.bug_compat_warn to off, respectively. in Unknown on line 0
>
> I have no idea what they understand under the "session side-effect" as
> well as "session extension" and how this "extension" can "consider"
> something.
>
> I tried to find something in the newsgroups and I found that:
> http://groups.google.com/group/comp.lang.php/browse_thread/t hread/bac6f1c426ef4b22/c3b0666dea7d75fd?hl=en&lnk=st&q=Pleas e+be+advised+that+the+session+extension+does+not+consider+gl obal+variables+as+a+source+of+data#c3b0666dea7d75fd
>
> But I am not sure that I correctly understand the suggested solution
> of the problem. I should replace all global variables which I care
> about by "normal variables"? I.e. $varname = global-array[$varname].
> Why I cannot use the global variables directly?
>

Are you using session_register() or similar functions in your code?

As Daniel said - code would help.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Report this message

#5: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:48:11 by kurdayon

On Jan 15, 8:30 pm, thib=B4 <th...@coralsnake-team.com> wrote:
> Kurda Yon wrote:
> > But I am not sure that I correctly understand the suggested solution
> > of the problem. I should replace all global variables which I care
> > about by "normal variables"? I.e. $varname =3D global-array[$varname].
> > Why I cannot use the global variables directly?
>
> Yes, the subject has been discussed here recently. I'll past the classic
> example for you to understand quickly:
>
> ..
> if( isset($admin) ) {
> ..}
>
> ..
>
> Now:http://mysite.net/myscript.php?admin=3D1
> Here we go.
>
Is $admin a global variable? I thought that it can be global only
after "global $admin;"-line in the code. Am I wrong? Any variable
which is given to the php-script via the address line will
automatically become global (if register_global is "on")?


> Thus, globals aren't registered automatically anymore, you have to do it
> yourself: $registered_global =3D $_SESSION['unregistered_global'];
>
I think I have some problems with the terminology. The above example I
would describe as follow. We have assign to a "normal" variable
($registered_global), a value taken from a session variable
($_SESSION). But you replace "normal" by "global" and "assignment" by
the "registration". Do you consider any "assignment" as the
"registration" or only those "assignment" is a "registration" in which
the value was taken from the $_SESSION?

Report this message

#6: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:50:20 by kurdayon

>
> Are you using session_register() or similar functions in your code?
>
Yes I use the "session_register()". I do not know which part of the
code should I send. It is huge and I have no idea where the problem
starts.

Report this message

#7: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:52:52 by Jerry Stuckle

thib´ wrote:
> Kurda Yon wrote:
>> But I am not sure that I correctly understand the suggested solution
>> of the problem. I should replace all global variables which I care
>> about by "normal variables"? I.e. $varname = global-array[$varname].
>> Why I cannot use the global variables directly?
>
> Yes, the subject has been discussed here recently. I'll past the classic
> example for you to understand quickly:
>
> ..
> if( isset($admin) ) {
> ..
> }
> ..
>
> Now: http://mysite.net/myscript.php?admin=1
> Here we go.
>
> Thus, globals aren't registered automatically anymore, you have to do it
> yourself: $registered_global = $_SESSION['unregistered_global'];
>
> -thib´
>

Yes, that's already been discussed. We've moved on. Please don't
confuse him more!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Report this message

#8: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:53:56 by Jerry Stuckle

Kurda Yon wrote:
> On Jan 15, 8:30 pm, thib´ <th...@coralsnake-team.com> wrote:
>> Kurda Yon wrote:
>>> But I am not sure that I correctly understand the suggested solution
>>> of the problem. I should replace all global variables which I care
>>> about by "normal variables"? I.e. $varname = global-array[$varname].
>>> Why I cannot use the global variables directly?
>> Yes, the subject has been discussed here recently. I'll past the classic
>> example for you to understand quickly:
>>
>> ..
>> if( isset($admin) ) {
>> ..}
>>
>> ..
>>
>> Now:http://mysite.net/myscript.php?admin=1
>> Here we go.
>>
> Is $admin a global variable? I thought that it can be global only
> after "global $admin;"-line in the code. Am I wrong? Any variable
> which is given to the php-script via the address line will
> automatically become global (if register_global is "on")?
>
>
>> Thus, globals aren't registered automatically anymore, you have to do it
>> yourself: $registered_global = $_SESSION['unregistered_global'];
>>
> I think I have some problems with the terminology. The above example I
> would describe as follow. We have assign to a "normal" variable
> ($registered_global), a value taken from a session variable
> ($_SESSION). But you replace "normal" by "global" and "assignment" by
> the "registration". Do you consider any "assignment" as the
> "registration" or only those "assignment" is a "registration" in which
> the value was taken from the $_SESSION?
>

No - register_globals has nothing to do with variables you specify as
global yourself.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Report this message

#9: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:54:01 by kurdayon

>
> ..
> if( isset($admin) ) {
> ..}
>
> ..
>
> Now:http://mysite.net/myscript.php?admin=1
> Here we go.

But even if the register_global is off the following can happen:
if( isset($_GET['admin']) ) {
...}
Now:http://mysite.net/myscript.php?admin=1

Or the ideas is that developer (programmer) will remember that $_GET
is something what is coming from the outside and will never relate the
access with the elements of $_GET?

Report this message

#10: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:54:41 by Jerry Stuckle

Kurda Yon wrote:
>> Are you using session_register() or similar functions in your code?
>>
> Yes I use the "session_register()". I do not know which part of the
> code should I send. It is huge and I have no idea where the problem
> starts.
>

Start by getting rid of deprecated functions such as session_register.
Just use the $_SESSION array.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Report this message

#11: Re: "register_globals off" and "session side-effect"

Posted on 2008-01-16 02:59:19 by Jerry Stuckle

Kurda Yon wrote:
>> ..
>> if( isset($admin) ) {
>> ..}
>>
>> ..
>>
>> Now:http://mysite.net/myscript.php?admin=1
>> Here we go.
>
> But even if the register_global is off the following can happen:
> if( isset($_GET['admin']) ) {
> ..}
> Now:http://mysite.net/myscript.php?admin=1
>
> Or the ideas is that developer (programmer) will remember that $_GET
> is something what is coming from the outside and will never relate the
> access with the elements of $_GET?
>

That is true. But $_GET['admin'] is set - not $admin. And the only way
the $_GET array gets populated is by the query string in the uri (unless
you set it yourself - which is a bad idea).

And you know that $_GET['admin'] is coming from the query string. With
register_globals on, $admin could have been set by the session, a
cookie, or get or post parameters. And you have no idea where it came from.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Report this message