PHP session variables automatically assigned to regular variables

I was participating in IX web hosting and I came across something that struck me as odd. All my $ _SESSION variables are automatically assigned to a regular variable with the same name. Is this normal PHP behavior? I looked it up in the php.net manual and couldn't find an answer. Here's an example script:

<?php
$_SESSION['myvar'] = "hello";
echo $myvar; // after a page refresh, displays hello

$myvar = "goodbye";
echo $_SESSION['myvar']; // displays goodbye
?>

      

On my localhost I get an error in undefined variable: $ myvar, but in IX the script is running! Dangerous or normal PHP behavior? Thanks in advance.

+3


source to share


1 answer


This "function" controlled by the php.ini directive is called register_globals

. It is disabled by default as of PHP 4.2 and removed entirely in PHP 5.4.



Unless you have legacy code depending on it, I would sincerely recommend that you disable it if you can . Suffice it to say that the security implications are significant.

+3


source







All Articles