Assigning a value to a variable changes a session variable's value

Question

One of my PHP pages, which runs on a remote server allegedly with PHP 5.2 installed, receives a POST request with a set "passcode" key and then, as it seems, the most strange things may happen. In the following code, "passcode" of the POST request is redefined to make value tracking simpler for you guys, but in tests it still produces the supernatural output indicated in the comments.

$_POST["passcode"] = "hi";
$_SESSION["passcode"] = "hello";

echo $_SESSION["passcode"] . '<br />'; // prints "hello"
$passcode = $_POST["passcode"];
echo $_SESSION["passcode"] . '<br />'; // prints "hi"

EDIT: So looks like it's about register_globals. Hence is another question:

Is there any way to turn this behavior off if I don't have access to the php.ini file on the server I'm running the code on?

With only that in the receiving file you have those results, or when it's through your entire, existing code? — MetalFrog
– MetalFrog, Commented Jan 20, 2012 at 13:26
That's odd.<br /> Is it the same when you comment out the fifth line? — moebius_eye
– moebius_eye, Commented Jan 20, 2012 at 13:27
@MetalFrog That POST receiving php file is the only place where I've tested it so far. — Desmond Hume
– Desmond Hume, Commented Jan 20, 2012 at 13:31

Michael Krelin - hacker · Accepted Answer · 2012-01-20 13:25:57Z

8

Clearly, session variables are registered as globals.

answered Jan 20, 2012 at 13:25

Michael Krelin - hacker

144k25 gold badges200 silver badges177 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Mchl · Accepted Answer · 2012-01-20 13:45:06Z

7

Smells like register_globals

If you can't edit your php.ini file, you can disable this setting in .htaccess file, as described here

edited Jan 20, 2012 at 13:45

answered Jan 20, 2012 at 13:26

Mchl

62.4k9 gold badges121 silver badges121 bronze badges

Comments

CyrillC · Accepted Answer · 2012-01-20 13:27:26Z

2

Session Variables may be configured to be handled as Global Varibales and so can be accessed through $_SESSION["passcode"] as well as $passcode. check your PHP Configuration (register_Globals)

answered Jan 20, 2012 at 13:27

CyrillC

5571 gold badge3 silver badges15 bronze badges

Comments

Rajat Singhal · Accepted Answer · 2012-01-20 13:49:35Z

2

One possible reason it is possible is somewhere you have written

$_SESSION['passcode']=&$passcode;

edited Jan 20, 2012 at 13:49

answered Jan 20, 2012 at 13:26

Rajat Singhal

11.3k5 gold badges40 silver badges57 bronze badges

Comments

Udayaditya Barua · Accepted Answer · 2012-01-20 13:30:32Z

-1

Change the name of the variable

$passcode

to something else.?

answered Jan 20, 2012 at 13:30

Udayaditya Barua

1,18212 silver badges26 bronze badges

1 Comment

Desmond Hume Over a year ago

I'd rather change my hosting provider than my programming style.

Collectives™ on Stack Overflow

Assigning a value to a variable changes a session variable's value

5 Answers 5

Comments

Comments

Comments

Comments

1 Comment

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

Comments

Comments

Comments

Comments

1 Comment

Your Answer

Sign up or log in

Post as a guest

Related