i've just been told half way through a job that reg globals are a security risk and they will be turned off!
they said to use sessions instead but i'm not sure how.
how would i use these on a form or a query?
php q.
$query_PD = "SELECT * FROM property WHERE pcode='$pcode'";
Sessions are not needed to replace register globals. Basically, replace anything where you use a POST or GET variable (like $pcode) with the appropriate global (like $GET['pcode'] or $POST['pcode']). If you don't want to be bothered replacing everything, I'm sure you can construct a powerful regex query to do the same.
thanks. that doesn't seem too bad. do i need to put session_start();
If you end up using sessions, yes, you do.
Just a note - I've started experimenting with sessions, and I'm not sure when it occurs, but it will error out sometimes if you don't put session_start(); as the very first line
i.e.:
<?session_start();Right at the beginning of the page, even before html. Anyone know why this is so freakin' sensitive? I'm running php5.
Also, I think i got errors bec. my php.ini wasn't proplerly pointing to the sessiondata folder within the PHP folder (on the network drive of your server). Make sure you verify that's correct.
Anyway just a thought.
Session send cookies as headers, and because headers need to be sent before any output, that's why you'd get an error. Make sure that session_start() is called before any HTML content, echos, prints, etc. Even a blank space before <?php is considered content.
Good:
<?php
session_start();
?>
Bad:
<?php
session_start();
?>
lol uh...sorry i can't see a difference between the two, what is there?
The second one had a space (" ", &nsp;, ALT+0160, etc.) in front of the <?php. Unfortunately vBulletin strips extra whitespace, so you can't see it. Perhaps code view will help:
<?php
session_start();
?>
<?php
session_start();
?>
More detail on the header issue is in one of the FAQs
