PHP $_SESSION variables randomly get overwritten?


Problem description


Okay, so when I run this script to remove a user's comment from a forum post, the $_SESSION['id'] (user's mysql id) changes to the $postid (the id of the forum post). I am not calling any function to set it, and I have session_write_close(); called when the session is initialized.

<?php
session_start();

// I'm not showing connection code.
if(isset($_SESSION['user'])){

    $user = mysql_real_escape_string($_SESSION['user']);
    $userid = mysql_real_escape_string($_SESSION['id']);

    $id = mysql_real_escape_string($_GET['id']);
    $postid = mysql_real_escape_string($_GET['article']);

    $result = mysql_query("DELETE FROM `______`.`______` WHERE `userid`='$userid' AND `id`='$id' AND `user`='$user'")or die(mysql_error());

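    // mysql_affected_rows() takes the connection link, not the query result; with no argument it uses the last opened link.
    if(mysql_affected_rows() == 1){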

          mysql_query("UPDATE `_______`.`______` SET `points`=`points`-'1' WHERE `id`='$userid' AND `username`='$user'")or die(mysql_error());
          mysql_query("INSERT INTO `________`.`_______` (`user`,`userid`,`amount`,`reason`) VALUES('$user', '$userid', '-1', 'Removed a comment')")or die(mysql_error());

    }

    mysql_close($con);

    ob_start();
    header("location:../view-article?id=$postid");
    ob_end_flush();

} //if there is a user
else {

    ob_start();
    header("location:http://boundsblazer.com/not-logged-in?url=articles.view-article:id=$postid");
    ob_end_flush();
}
?>

Solution

If register_globals is on, this line

$id = mysql_real_escape_string($_GET['id']);

possibly changes the value of $_SESSION['id']. So please try again with register_globals off.
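
The aliasing the answer describes, as an added example that is not part of the original question or answer. Because register_globals was removed in PHP 5.4.0, its binding between session entries and same-named globals is simulated here with references; the session and request values are constructed, and `$commentId` and `register_globals_enabled()` are hypothetical names.

```php
<?php
// Added illustration, not code from the question or answer.
// register_globals was removed in PHP 5.4.0, so the binding it created
// between session entries and same-named globals is simulated here
// with references. All values below are constructed samples.

// Returns true when the running PHP still has register_globals enabled.
function register_globals_enabled(): bool
{
    // ini_get() returns false when the directive does not exist (PHP >= 5.4).
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed session and request data (no session_start() needed on the CLI).
$_SESSION = ['user' => 'alice', 'id' => '1001'];
$_GET     = ['id' => '55', 'article' => '7'];

// Simulated register_globals effect: each session entry becomes an alias
// of the global variable with the same name.
foreach (array_keys($_SESSION) as $name) {
    $$name = &$_SESSION[$name];
}

// The line from the question, minus the escaping call: writing to $id
// writes through the alias into $_SESSION['id'].
$id = $_GET['id'];
echo "after \$id = \$_GET['id']: session id = {$_SESSION['id']}\n";

// Restore, then use a name that no session key shares.
$_SESSION['id'] = '1001';
$commentId = $_GET['id'];   // hypothetical variable name
echo "after \$commentId = \$_GET['id']: session id = {$_SESSION['id']}\n";

// Deployment check: refuse to continue on a host that still enables it.
if (register_globals_enabled()) {
    fwrite(STDERR, "register_globals is on; set register_globals = Off in php.ini\n");
    exit(1);
}
```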
