Jump to content
Larry Ullman's Book Forums

Recommended Posts

I am now getting this error in my coding, since adding the last module that we have been discussing regarding single and double quotes in the previous topic:

 

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0

 

I have been looking thru my code and not finding any variables with the same name as the session variable. Any other causes??

 

dickm

Link to comment
Share on other sites

I've never seen that error before, but it appears to be related to having register_globals enabled in your php.ini file. When register_globals is enabled, PHP will convert $_GET, $_POST, and other super global variables to conventional variables. In other words, if you are passing data with a query string like ?username=Fred (that's a $_GET variable), register_globals will convert that to $username automatically. Same goes for $_POST, $_SERVER and $_SESSION variables. So you may be experiencing a collision of variables related to what is currently in the $_SESSION array.

 

The safest thing to do is to disable register_globals in your php.ini file, and always refer to external variables by referencing the super global array from which they came. There is a nice writeup on how register_globals can cause security problems unless you are very careful to initialize all variables at the very start of your script.

  • Upvote 1
Link to comment
Share on other sites

That is baffling, then! It's good that register_globals is off, though. You might be able to safely handle this by setting session.bug_compat_42 to off, but this topic is out of my comfort zone for advice. Let's see what Larry or anyone with more server admin experience advises.

 

What version of PHP/MySQL are you on? This is very important information that should be included with all of your posts. A good practice is to create a signature in your forum profile that includes this information, like I have done.

  • Upvote 1
Link to comment
Share on other sites

Just thought that I would pass along the solution to this error problem.

 

In my coding I had the following new code additions:

 

$cust = escape_data($_REQUEST['customer']);

$_SESSION['mycustomer']=$cust;

 

What became the indication solution for me was the part of the error statement that said

"be advised that the session extension does not consider global variables as a source of data",

so I changed the code as follows and the error condition did not appear:

 

 

$_SESSION['mycustomer'] = escape_data($_REQUEST['customer']);

 

Hope this helps clarify this problem for others also.

 

dickm

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...