PHP session variables automatically assigned to regular variables

I was participating in IX web hosting and I came across something that struck me as odd. All my $ _SESSION variables are automatically assigned to a regular variable with the same name. Is this normal PHP behavior? I looked it up in the manual and couldn't find an answer. Here's an example script:

$_SESSION['myvar'] = "hello";
echo $myvar; // after a page refresh, displays hello

$myvar = "goodbye";
echo $_SESSION['myvar']; // displays goodbye


On my localhost I get an error in undefined variable: $ myvar, but in IX the script is running! Dangerous or normal PHP behavior? Thanks in advance.


source to share

1 answer

This "function" controlled by the php.ini directive is called register_globals

. It is disabled by default as of PHP 4.2 and removed entirely in PHP 5.4.

Unless you have legacy code depending on it, I would sincerely recommend that you disable it if you can . Suffice it to say that the security implications are significant.



All Articles