Ask a Question Register Login

PHP session side-effect warning - how to get solve?

688

I'm fairly new to php, and am sure this is easy, but I'd like to do it the right way. I have this script:

<?php
if ($_POST["username"]=="") {
    include($_SERVER['DOCUMENT_ROOT'] ."/login.inc.php");
} else { 
    $username=$_POST["username"];
    $password=$_POST["password"];
    session_start();
    if ($username=="bob" AND $password=="123"){ $permission="yes";}
    $username=$_POST["username"];
    session_register("permission");   
    session_register("username");  

    if ($permission=="yes"){
        // Show stuff
    }
}
?>

Excuse the funky formatting of my code - can't seem to get it to show properly.

So, I keep getting this error:

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0

Which I'm assuming means I need to change one of my variable names so it doesn't conflict with the session variable right? That's what I read, but I'm not sure which one to change.

Can anyone help / show me please?

Thanks

osu

919

Answer

Solution:

It is happening because of

session_register("username");

It is not recommended, and deprecated as of PHP 5.3.

If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

Source.

As we all know,register_globals is terrible, and should always be off.

The most common way to register a session var is with the$_SESSION superglobal, i.e.

$_SESSION['username'] = $username;
408

Answer

Solution:

You better start on getting rid of deprecated functions such as session_register().

Use the $_SESSION array, e.g.

$_SESSION['username'] = $_POST['username'];

People are also looking for solutions to the problem: drupal 6 - PHP: Get http status code that own script just sent out via shutdown function

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.