Many session.?!(.. )

Anon

hi ~~the magicians for php
The subject of the downside is the problem to make me sick recently.

My phpcode become the session in A page.but My phpcode are not operated in a specific page.

####my try! number.1
The page there is the good luck if it uses well 'session start();'.
but A specific page can not be same.
####

########
This the code which the next is guessed to my problem.
##########

<? session_start() ;
?>
<?
header("Pragma: no-cache");

include("inc_mysql_connect.inc");
include(".inc");
include("con2.inc");
include("top.inc");
?>

<?include("copy.inc"); ?>
##############################
include file 1.2.3.
############################

<?
if (empty($orderid) && ((session_is_registered("memid"))>0)) {

$sql = "SELECT * FROM user 
        WHERE s_userid = '".$memid."'";
$result = mysql_query($sql);

if (!($row = mysql_fetch_object($result))) {
  $html = "login.php";
  include("login.php");
  exit();
}
mysql_free_result($result);

}
?>

#######
2 file
########
<? session_start() ;
?>
<?
$sql5 = "select id from user
where memid='$memid'";

$result5 = mysql_query($sql5);

$row5 = mysql_fetch_object($result5);

$id = $row5->id;

if ($type=="cancel") {
$sql = "SELECT delivery, tmpuser, vvt FROM orderinfo ";
$where = "WHERE num='$num' AND tmpuser='$tmpusernum' ";

if (empty($numid)) {
  $where .= " AND id = '$id' ";
}
else 

  $where .= " AND id LIKE 'X$numid%' ";

$result = mysql_query($sql.$where);

if ($row=mysql_fetch_object($result)) {

  if ($row->delivery=="N") {  
    $sql = "UPDATE orderinfo SET delivery = 'C' ";
    mysql_query($sql.$where);

    if (empty($numid) && 
         ((session_is_registered("memid")) > 0)) {

  $sql2="UPDATE user SET vvt=vvt+".$row->vvt."
             WHERE memid='".$memid."'";
      mysql_query($sql2);
    }   
  }
}
mysql_free_result($result);

}
?>

####
Here we will be byped a little.
#####
<? session_start() ;
?>
<script language="JavaScript">
<? if (empty($numid))
{ session_start();

  session_is_registered("memid");
  ...

...
...
?>
#######
The last is the javascript...
##########

Anon

I don't know the answer.

But, here is suggestion: when you are ALL finished getting everything working properly, rename your "include scripts" to end with ".php"

For example, if your include page is called "include.inc" rename it so it is "include.php"

I recommend that for security. If someone finds out the URL for your include.inc page, they will see all your source code.

Normally, when there is an error in PHP, the visitor's browser will read, "warning...error on line 3 in /blah/include.inc

And then, someone has access to your include script!! But, if you end it in .php, then it will be MORE secure!!