本地变量干扰 $_SESSION 变量? [英] Local vars interfere with $_SESSION vars?

问题描述

以下代码在随机页面上的输出为:

The output of the following code on a random page is :

            print $_SESSION['uid']; // logged in user
        // Get Data .
        $uid = $_GET['ID']; // part of random page processing
            print $_SESSION['uid'];

是:

1
2

我的登录用户 ID 正在更改！:@

My logged in User ID is changing ! :@

登录(认证)页面的代码是这样的:

The code for the login (authenticate) page is something like this :

        // Authenticate
        $query = "SELECT * FROM User WHERE Email = '".$Email."' AND Password = '".$Password."'";
        $result = mysql_query($query);

        // Authenticated?
        if(mysql_num_rows($result)) {
            // Yes

            // Set session Vars
            $uid = mysql_result($result,0,ID);
            $Access = mysql_result($result,0,Access);

            session_destroy();
            session_start();
            $_SESSION['loggedIN'] = 1;
            $_SESSION['Access'] = $Access;
            $_SESSION['uid'] = $uid;

            // Print a successful login and redirect

推荐答案

你看到的是 register_globals.基本上:

What you're seeing is a side-effect of register_globals. Basically:

$uid

和

$_SESSION['uid']

引用相同的变量，所以当你这样做时:

reference the same variable so when you do:

$uid = $_GET['ID'];

相当于:

$SESSION['uid'] = $_GET['ID'];

我的建议?关闭注册全局变量.它在 PHP 5.3 中已被弃用，并将在 PHP 6 中移除.要关闭它，请编辑您的 php.ini 文件并更改为以下指令:

My advice? Turn off register globals. It's deprecated in PHP 5.3 and will be removed in PHP 6. To turn it off, edit your php.ini file and change to this directive:

register_globals = Off

然后重新启动 Apache(或任何您的 Web 服务器).

then restart Apache (or whatever your Web server is).

这篇关于本地变量干扰 $_SESSION 变量?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！