
I'm hosted at IX webhosting, and I came across something that struck me as strange. All my $_SESSION variables are automatically assigned to a regular variable of the same name. Is that normal PHP behavior? I looked it up in the php.net manual and didn't find an answer. Here's an example script:

<?php
$_SESSION['myvar'] = "hello";
echo $myvar; // after a page refresh, displays hello

$myvar = "goodbye";
echo $_SESSION['myvar']; // displays goodbye
?>

On my localhost I get an error message along the lines of "undefined variable: $myvar", but at IX the script works! Hazardous or normal PHP behavior? Thanks in advance.

  • What @zerkms said. And this is why everyone makes fun of PHP. Commented Mar 8, 2012 at 23:47
  • It is quite a crazy feature. Thanks for your help Commented Mar 9, 2012 at 9:09

1 Answer


This "feature" is controlled by a php.ini directive called register_globals. It has been disabled by default since PHP 4.2 and totally removed in PHP 5.4.

Unless you have legacy code depending on it, I would sincerely recommend that you turn it off if you can. Suffice to say, the security implications are pretty major.


3 Comments

And if you can't turn it off, consider switching web hosts. :P Yeah...it's that bad.
It is incredibly bad. They only offer to turn it off with a custom cgi php.ini called from a .htaccess file ... Is that safe/efficient enough?
@bobdope As long as you can turn it off site wide with a single .htaccess file, it should be a perfectly ok solution. Of course default off would be a better solution, if you set another account up, you'll otherwise have to remember to do the same thing again.
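
Where the directive cannot be switched off, a legacy script can at least remove the request- and session-derived globals before any other code runs. The following is an added example of that fallback, not code from the question or the answer; `injected_names` and `unregister_globals` are hypothetical names and the sample arrays are constructed.

```php
<?php
// Added example (not from the original post); function names are hypothetical.
// Written in PHP 5.3-compatible syntax, since only PHP < 5.4 has the directive.

// List the global names register_globals would create from the given sources.
function injected_names(array $sources)
{
    // Superglobals themselves must never be treated as injectable names.
    $protected = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                       '_SERVER', '_ENV', '_FILES', '_SESSION');
    $names = array();
    foreach ($sources as $source) {
        foreach (array_keys($source) as $key) {
            if (!in_array((string) $key, $protected, true)) {
                $names[(string) $key] = true;
            }
        }
    }
    return array_map('strval', array_keys($names));
}

// Drop request- and session-derived globals; returns the names removed.
// Call this first thing (after session_start(), if sessions are used).
function unregister_globals()
{
    // ini_get() returns false on PHP >= 5.4, where the directive is gone.
    if (!filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        return array();
    }
    $sources = array($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);
    if (isset($_SESSION) && is_array($_SESSION)) {
        $sources[] = $_SESSION;
    }
    $removed = array();
    foreach (injected_names($sources) as $name) {
        if (array_key_exists($name, $GLOBALS)) {
            unset($GLOBALS[$name]);
            $removed[] = $name;
        }
    }
    return $removed;
}

echo count(unregister_globals()), " globals removed\n";
// Constructed sample input: a query string and a session like the question's.
$sample = array(array('page' => '2', 'GLOBALS' => 'x'), array('myvar' => 'hello'));
echo implode(', ', injected_names($sample)), "\n";
```

Any global the script itself defines before the call is removed too if a request key shares its name, so the call belongs at the very top of the entry script.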
