Re: Variable names and SESSION names?

On 08/04/2021 22:03, Tedd Sperling wrote:
Hi Gang:

It was reported to me that PHP has problems occasionally with variable names being the same as SESSION variable names — is that true?

For example, could the following present a problem:

$color = "red";
$_SESSION['color'] = $color;

I had that happen well over a decade ago, but nothing recent. How about you guys?

Thanks,

Tedd

Tedd Sperling
tedd@xxxxxxxxxxxx

I think that would only be a problem if register_globals was set to true (which it isn't by default, and shouldn't ever really be these days), as that setting basically sets the normal superglobals' ($_REQUEST, $_GET, $_POST, $_SESSION, etc.) values as global variables themselves. So $_SESSION['foo'] also becomes available as $foo.

For security reasons this should always be avoided, as it would be trivial for a malicious user to override key variables in an app.

As long as register_globals is false, there shouldn't be any clashes with $_SESSION elements and global variables, but if you're overly concerned you can move as much as possible out to namespaced files which would change the scope and availability of things.
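
The clash discussed in this thread, reproduced with extract() because register_globals itself was removed in PHP 5.4. This is an added example, not code from either poster; the session and request values, the function names and the scan pattern are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed values standing in for a restored session and a query string.
$_SESSION = ['color' => 'blue'];
$_GET     = ['color' => 'green'];

/**
 * Legacy behaviour, emulated with extract(): array keys become variables,
 * overwriting whatever the script had already assigned.
 */
function legacy_page(): string
{
    $color = 'red';                      // the script's own variable
    extract($_SESSION, EXTR_OVERWRITE);  // $color is now 'blue'
    extract($_GET, EXTR_OVERWRITE);      // $color is now 'green' (request input)
    return $color;
}

/**
 * Without the import, $color and $_SESSION['color'] are independent and
 * only meet where the code assigns one to the other.
 */
function explicit_page(): array
{
    $color  = 'red';
    $before = $_SESSION['color'] ?? null;   // session value read by explicit key
    $_SESSION['color'] = $color;            // the assignment from the question
    return [$color, $before, $_SESSION['color']];
}

/** Returns the line numbers in $source that re-create the imported-variable behaviour. */
function find_global_imports(string $source): array
{
    $pattern = '/\bextract\s*\(\s*\$_(GET|POST|REQUEST|COOKIE|SESSION)\b'
             . '|\bimport_request_variables\s*\(/';
    $hits = [];
    foreach (explode("\n", $source) as $i => $line) {
        if (preg_match($pattern, $line) === 1) {
            $hits[] = $i + 1;
        }
    }
    return $hits;
}

var_dump(legacy_page());
var_dump(explicit_page());
var_dump(find_global_imports("<?php\nextract(\$_REQUEST);\n\$c = \$_GET['c'];\n"));
```

Run it with the PHP CLI; the scan function can be pointed at an older code base to locate shims that bring the register_globals behaviour back.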


