super globals

paulsim

I have just started to work with register_globals = Off in PHP4.3 on W2K.
Have I got it right?
A variable called username comes from a post form with a value of "Fred".

I can echo this OK in the next page with
echo $_POST['username'] - it shows Fred

My understanding is that this POST variable should be available in all subsequent pages as long as session_register() is used at the top of the page.

BUT the value of $_POST['username'] reverts to NULL once I am past the page immediately after the form.

ie echo $_POST['username'] gives a blank.

What am I doing wrong??? or where am I mixed up????

Weedpacket

No, you're thinking of $SESSION[]. $POST[] contains form data supplied by a POST request from the previous page only.

And it's [man]session_start[/man], not [man]session_register[/man].

PHPmill

You can use a simple foreach function to dump the post varilables into the session variables so you can use them on subsequent pages. You'll need to execute session_start() at the beginning of each page.

MarkR

Originally posted by PHPmill
You can use a simple foreach function to dump the post varilables into the session variables so you can use them on subsequent pages...

That is a really bad idea, as they might overwrite other session variables which you were relying on the content not being changable by the user.

I.e. doing the above may create a security hole in your application.

Mark

PHPmill

Put the ones you dont' want overwritten in an array and test for it. Or only assign certain ones, or give the form fields a prefix so they can be safetly dumped to the session vars.

paulsim

Originally posted by paulsim
I have just started to work with register_globals = Off in PHP4.3 on W2K.
Have I got it right?
A variable called username comes from a post form with a value of "Fred".

I can echo this OK in the next page with
echo $_POST['username'] - it shows Fred

My understanding is that this POST variable should be available in all subsequent pages as long as session_register() is used at the top of the page.

BUT the value of $_POST['username'] reverts to NULL once I am past the page immediately after the form.

ie echo $_POST['username'] gives a blank.

What am I doing wrong??? or where am I mixed up????

and Weedpacket wrote:-
No, you're thinking of $SESSION[]. $POST[] contains form data supplied by a POST request from the previous page only.

Thanks for that. I wonder why they are called superglobals.

I think semiglobals is a better name and keep the term superglobal for $_SESSION.

I wonder if I was the only thicko fooled by this.

The only way that $_POST etc is global as far as I can see is that it can be seen in functions called from that page - without having to assign them as being global. This is valuable of course, but hardly superglobal.

So is it reasonable to keep user name and password in $_SESSION so that it can be used for accessing the database; or is there a better way.

Seems to me that $_SESSION variables can be altered almost as easily as the old session variables.

Paul

Weedpacket

Originally posted by paulsim
Thanks for that. I wonder why they are called superglobals.

I think semiglobals is a better name and keep the term superglobal for $_SESSION.

"Semiglobal" would be a silly name because they're more global than global variables.

http://www.php.net/manual/en/language.variables.predefined.php
These new arrays are rather special in that they are automatically global--i.e., automatically available in every scope. For this reason, they are often known as 'autoglobals' or 'superglobals'.

Seems to me that $_SESSION variables can be altered almost as easily as the old session variables.

Easier; you don't need to explicitly register them or declare them as global.