NYCPHP Meetup

[LK]

Just as I was reading this thread on sesion variables I was having a problem with my session variables getting changed on the fly seemingly for no reason. I've isolated this problem and condensed it to the bare minimum for you to see and comment upon:

1. Create a file x.php:

<?php
session_start();
$_SESSION['x'] = "session variables are GOOD";
?>

<html>
<body>
 <a href="y.php">Go to y.php</a>
</body>
</html>

2. Create a file y.php

<?php
session_start();

echo $_SESSION['x']."<br/>";      // outputs session variables are GOOD

$x = "session variables are EVIL"; 

echo $_SESSION['x'];      // outputs session variables are EVIL
?>

Point your browser to x.php and click on the link "Go to y.php" to invoke the y.php file.

File x.php simply sets a session variable $_SESSION['x'].

File y.php assigns an internal variable $x, and that all by itself blows away $_SESSION['x'].

The _GET and _POST variables do not have this problem. 

It's an easy fix simply to use a different name instead of $x, but still... this is not a nice behaviour, if not an outright bug.

- Leo.



----- Original Message ----
From: Brian Dailey <support at dailytechnology.net>
To: NYPHP Talk <talk at lists.nyphp.org>
Sent: Thursday, December 14, 2006 11:49:22 AM
Subject: Re: [nycphp-talk] session variables "evil"?


I've been writing PHP for years now, and this is the first time I've 
been aware of anyone complaining about oddities with $_SESSION (granted, 
I use it for little else than tracking user information). What sort of 
"oddities" have you seen?

- Brian

Allen Shaw wrote:
> Paul Houle wrote:
>> most applications that use session variables are "broken by design".
>>
> 
> Really?  That's a surprising assertion, though I'll agree my surprise 
> probably comes more from my own lack of insight than a flaw in your 
> argument. Of course a quick google shows a few people hold that session 
> vars are "evil," but I can't find much to back up the idea.
> 
> Can you elaborate, or give us a few links on the topic?
> 
> (BTW, Paul, I'm sure you're not speaking without experience, just want 
> to clarify my own understanding a little more.)
> 
> - Allen
> 
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20061215/b5109d83/attachment.html>