Re: Hi friends, can you help. Session and print out data

On 6/19/05, henri <henri@xxxxxxxxxxxx> wrote:
> Please try this code :
> session_start();
>  $_SESSION["cust_id"]=$rec_cust[0];
>  $_SESSION["cust_nm"]=$rec_cust[1];
> $_SESSION["cust_nm"]=$rec_cust[2];
> 
> And in another page you want to access this session variable use this code
> session_start(); //this code must appear before any output to html
> <?php
> > if(isset($cust_id))
> > {
> >   #display page, if user had been login
> >   ........
> >   ........
> > }else
> > {
> >   session_destroy();
> >   echo "Sorry,You are not login yet.";
> > }
> 


Hello Henri. Your code assumes that register_globals is set "on"
(otherwise $cust_id would have no value). But in such case,
$cust_id === $_SESSION['cust_id'] === $_GET['cust_id']

so you could easily break the system just by adding that parameter in the URL:

http://example.com/another_page.php?cust_id=1


It's safer to always use the long form of variables, even if
register_globals is on, i.e., $_SESSION['varname'] instead of
$varname.

-- 

Juan Pablo Gil R.
Director OnFocus - de la Idea al Bit
http://www.onfocus.cl/
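The point of the reply, as an added example that is not code from either poster: Henri's `isset($cust_id)` check beside the `$_SESSION['cust_id']` form Juan Pablo recommends, run against the same forged request. `register_globals` no longer exists in current PHP (it was removed in 5.4), so `simulateRegisterGlobals()` is an assumed helper that reproduces its effect with `array_merge()`; the function names and the session and query-string contents are constructed for this demonstration.

```php
<?php
// Added example, not code from the thread. register_globals was removed in
// PHP 5.4, so array_merge() over the request array is used here only to
// reproduce its effect. The $_SESSION and $_GET contents below are
// constructed sample data.

declare(strict_types=1);

// Unsafe check (Henri's pattern): a bare $cust_id, which register_globals
// populated from the session OR from any request parameter of that name.
function unsafeIsLoggedIn(array $visibleGlobals): bool
{
    return isset($visibleGlobals['cust_id']);
}

// Safe check: only the session array is consulted, and the value must be a
// positive integer, not merely "set".
function safeIsLoggedIn(array $session): bool
{
    if (!isset($session['cust_id'])) {
        return false;
    }
    $id = filter_var($session['cust_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id !== false;
}

// Reproduce what register_globals did: request parameters become plain
// variables, so a variable named $cust_id exists even when no session does.
// (Assumed helper; the real mechanism was the interpreter's own.)
function simulateRegisterGlobals(array $get, array $session): array
{
    return array_merge($session, $get);
}

// Page body built from the safe check; the query string plays no part.
function renderPage(array $session): string
{
    if (safeIsLoggedIn($session)) {
        return 'Welcome, customer ' . (int) $session['cust_id'];
    }
    return 'Sorry, you are not logged in yet.';
}

// Constructed scenario: nobody has logged in, but ?cust_id=1 is on the URL.
$session = [];
$get     = ['cust_id' => '1'];

$visible = simulateRegisterGlobals($get, $session);
var_dump(unsafeIsLoggedIn($visible));   // the query parameter alone satisfies this check
var_dump(safeIsLoggedIn($session));     // the session is empty, so this one rejects
echo renderPage($session), PHP_EOL;

// After a real login the page stores the id in the session, as Henri's
// first snippet does with $rec_cust[0]; only then does the safe check pass.
$session = ['cust_id' => 42];
echo renderPage($session), PHP_EOL;
```

With the constructed data the unsafe check is satisfied by the query parameter alone, while the safe check fails until a genuine value is present in the session. The functions take the arrays as parameters so the script runs from the command line; in a real page they would read `$_SESSION` after `session_start()`, which, as Henri notes, must be called before any output is sent.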

