本地变量干扰 $_SESSION 变量? [英] Local vars interfere with $_SESSION vars?
问题描述
以下代码在随机页面上的输出为:
The output of the following code on a random page is :
print $_SESSION['uid']; // logged in user
// Get Data .
$uid = $_GET['ID']; // part of random page processing
print $_SESSION['uid'];
是:
1
2
我的登录用户 ID 正在更改!:@
My logged in User ID is changing ! :@
登录(认证)页面的代码是这样的:
The code for the login (authenticate) page is something like this :
// Authenticate
$query = "SELECT * FROM User WHERE Email = '".$Email."' AND Password = '".$Password."'";
$result = mysql_query($query);
// Authenticated?
if(mysql_num_rows($result)) {
// Yes
// Set session Vars
$uid = mysql_result($result,0,ID);
$Access = mysql_result($result,0,Access);
session_destroy();
session_start();
$_SESSION['loggedIN'] = 1;
$_SESSION['Access'] = $Access;
$_SESSION['uid'] = $uid;
// Print a successful login and redirect
推荐答案
你看到的是 register_globals
.基本上:
What you're seeing is a side-effect of register_globals
. Basically:
$uid
和
$_SESSION['uid']
引用相同的变量,所以当你这样做时:
reference the same variable so when you do:
$uid = $_GET['ID'];
相当于:
$SESSION['uid'] = $_GET['ID'];
我的建议?关闭注册全局变量.它在 PHP 5.3 中已被弃用,并将在 PHP 6 中移除.要关闭它,请编辑您的 php.ini 文件并更改为以下指令:
My advice? Turn off register globals. It's deprecated in PHP 5.3 and will be removed in PHP 6. To turn it off, edit your php.ini file and change to this directive:
register_globals = Off
然后重新启动 Apache(或任何您的 Web 服务器).
then restart Apache (or whatever your Web server is).
这篇关于本地变量干扰 $_SESSION 变量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!