PHP session variables automatically assigned to regular variables

Question

PHP session variables automatically assigned to regular variables

I was participating in IX web hosting and I came across something that struck me as odd. All my $ _SESSION variables are automatically assigned to a regular variable with the same name. Is this normal PHP behavior? I looked it up in the php.net manual and couldn't find an answer. Here's an example script:

<?php
$_SESSION['myvar'] = "hello";
echo $myvar; // after a page refresh, displays hello

$myvar = "goodbye";
echo $_SESSION['myvar']; // displays goodbye
?>

On my localhost I get an error in undefined variable: $ myvar, but in IX the script is running! Dangerous or normal PHP behavior? Thanks in advance.

+3

php session

bob dope 08 Mar At 11:44 pm

source to share

1 answer

Joachim isaksson · Accepted Answer · 2012-03-08T23:47:33+0000

This "function" controlled by the php.ini directive is called register_globals

. It is disabled by default as of PHP 4.2 and removed entirely in PHP 5.4.

Unless you have legacy code depending on it, I would sincerely recommend that you disable it if you can . Suffice it to say that the security implications are significant.

PHP session variables automatically assigned to regular variables

More articles: