Local vars interfere with $_SESSION vars?

Submitted by 倖福魔咒の on 2020-01-05 13:10:34

Question


The output of the following code on a random page:

    print $_SESSION['uid']; // logged in user
    // Get Data .
    $uid = $_GET['ID']; // part of random page processing
    print $_SESSION['uid'];

is:

1
2

My logged-in user ID is changing! :@

The code for the login (authenticate) page is something like this:

        // Authenticate
        $query = "SELECT * FROM User WHERE Email = '".$Email."' AND Password = '".$Password."'";
        $result = mysql_query($query);

        // Authenticated?
        if(mysql_num_rows($result)) {
            // Yes

            // Set session Vars
            // Column names are quoted: a bare ID / Access is read as an undefined constant
            $uid = mysql_result($result,0,'ID');
            $Access = mysql_result($result,0,'Access');

            session_destroy();
            session_start();
            $_SESSION['loggedIN'] = 1;
            $_SESSION['Access'] = $Access;
            $_SESSION['uid'] = $uid;

            // Print a successful login and redirect

Answer 1:


What you're seeing is a side-effect of register_globals. Basically:

    $uid

and

    $_SESSION['uid']

reference the same variable, so when you do:

    $uid = $_GET['ID'];

it's the equivalent of:

    $_SESSION['uid'] = $_GET['ID'];

My advice? Turn off register globals. It's deprecated in PHP 5.3 and will be removed in PHP 6. To turn it off, edit your php.ini file and change the directive to this:

    register_globals = Off

then restart Apache (or whatever your Web server is).
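
The aliasing this answer describes, modelled as an added example that is not part of the original thread: PHP references stand in for register_globals so it runs on current PHP (7+, CLI), and a startup guard refuses to run where the directive is still On. The helper names, the sample session and the `?ID=2` request are constructed for illustration.

```php
<?php
// Added example (not from the original thread). register_globals no longer
// exists on current PHP, so the aliasing is modelled with references.

/** True only if the legacy directive exists and is switched on. */
function register_globals_enabled(): bool
{
    $value = ini_get('register_globals');   // false when the directive is unknown
    return $value !== false
        && in_array(strtolower((string) $value), ['1', 'on', 'yes', 'true'], true);
}

/**
 * Hypothetical helper: bind every session key to a same-named entry in $scope
 * by reference, which is the aliasing the answer describes.
 */
function alias_session_into_scope(array &$session, array &$scope): void
{
    foreach (array_keys($session) as $key) {
        $scope[$key] = &$session[$key];
    }
}

/** Page logic from the question, run against a given scope. */
function random_page(array &$scope, array $get): void
{
    $scope['uid'] = $get['ID'];   // mirrors: $uid = $_GET['ID'];
}

function demo(bool $aliased): array
{
    $session = ['uid' => '1', 'loggedIN' => 1];   // constructed sample session
    $scope   = [];                                // stands in for the global scope
    if ($aliased) {
        alias_session_into_scope($session, $scope);
    }
    random_page($scope, ['ID' => '2']);           // constructed request: ?ID=2
    return $session;
}

if (register_globals_enabled()) {
    // Fail closed on legacy hosts instead of running with aliased session data.
    error_log('register_globals is On; refusing to start');
    exit(1);
}
printf("aliased:   session uid=%s\n", demo(true)['uid']);
printf("unaliased: session uid=%s\n", demo(false)['uid']);
```

With the alias in place the assignment to the local name rewrites the session's uid; without it the session value is untouched.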




Answer 2:


That's weird... Are you sure you're not doing $_SESSION['uid']++ anywhere?

Also, do you have register_globals on?




Answer 3:


register_globals should be off by default.

Is there some call to session_register anywhere?



Source: https://stackoverflow.com/questions/2079710/local-vars-interfere-with-session-vars
