My server is acting really wierd. I'm running php5.1.2 with Register Globals = On.
I set some $_SESSION variables when the user logs in. But if the user submits a form the $_SESSION var values get changed to the $_POST values. the post variables do have some of the same names as the $_SESSION vars do (IE: $_SESSION['user_name'], $_POST['user_name'], and regular $user_name ). My first guess would be that its because Register Globals is turned 'On'. But I still always write my variables strict. I'm always really careful of writing out the full variable type ( $_POST, $_GET, and $_SESSION). So I would think that they would be safe.
This is whats happening in my code:
1. at login I set the admin_level in $_SESSION['admin_level']
2. if that admin wants to create a new admin account for someone else (granted he has that privilege level) he submits a form with the $_POST['admin_level'] variable in it.
3. I do a lot of processing and validating with the variables before they are inserted into the db. so I save the $_POST vars in a regular var first. ($admin_level = $_POST['admin_level']; ) I only do this because it makes it a lot shorter type repetatively. I'm guessing that this is where php thinks that I'm trying to change the $_SESSION['admin_level'].
I just set this server up on a brand new MacBook Pro. my previous server was configure the exact same way, with Register Globals turned On. In fact I think that I just copied the php.ini from my other server into the new one. But my other server never had this problem. is this a problem with my server configuration in my php.ini? I don't understand why its doing it now when its never done it before on another server similarly configured.
I set some $_SESSION variables when the user logs in. But if the user submits a form the $_SESSION var values get changed to the $_POST values. the post variables do have some of the same names as the $_SESSION vars do (IE: $_SESSION['user_name'], $_POST['user_name'], and regular $user_name ). My first guess would be that its because Register Globals is turned 'On'. But I still always write my variables strict. I'm always really careful of writing out the full variable type ( $_POST, $_GET, and $_SESSION). So I would think that they would be safe.
This is whats happening in my code:
1. at login I set the admin_level in $_SESSION['admin_level']
2. if that admin wants to create a new admin account for someone else (granted he has that privilege level) he submits a form with the $_POST['admin_level'] variable in it.
3. I do a lot of processing and validating with the variables before they are inserted into the db. so I save the $_POST vars in a regular var first. ($admin_level = $_POST['admin_level']; ) I only do this because it makes it a lot shorter type repetatively. I'm guessing that this is where php thinks that I'm trying to change the $_SESSION['admin_level'].
I just set this server up on a brand new MacBook Pro. my previous server was configure the exact same way, with Register Globals turned On. In fact I think that I just copied the php.ini from my other server into the new one. But my other server never had this problem. is this a problem with my server configuration in my php.ini? I don't understand why its doing it now when its never done it before on another server similarly configured.
