There's your answer. With register_globals on $_SESSION['rights']
becomes $rights and when you do extract($row) you are overwritting the
$_SESSION variable. A safer way of using your code would be:
while ($row = mysql_fetch_array($result1, MYSQL_ASSOC))
{
?>
<option value="<?=$row['user']?>"><?=$row['fname']?> <?=$row['lname']?> - <?=$row['user']?>
<?
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Darron Butler wrote:
> Thanks for your thoughts. To answer your first question, I'm using extract()
> because this is a page where admins and super users can edit the permissions
> of others for the site. Therefore, I have to query the database to create a
> listing of all users, and then have the admin/super user select one to
> modify (I was planning to serve the 'rights' informatin from the selected
> user via POST to another page where changes could be made). sometimes the
> user and rights that I get "assigned" when I hit refresh are another user
> with super rights and sometimes one with less than super rights and then I
> get sent to the 'die' landing page. I'm a real newbie at PHP/MySQL, so if
> there is a better/easier/more efficient way of creating the select list, I'm
> just not aware of how to do it. I just tried removing the extract statement
> and the select list is now empty...
>
> I'm using a free PHP/MySQL host online so I don't have access to make
> register_global changes, but I did find in the documentation that they have
> it set to "on". On a similar note, the variable $_SESSION['rights'] does
> certainly exist, it exists for the admin/super user logged in and accessing
> the administration page.
>
> What's interesting about this whole thing is that I have changed the query
> to include non session variables I have set and everything works fine. For
> instance (to clarify) since I set $_SESSION['user'] and $_SESSION['rights']
> when the user logs in, if my query to create the selection list is based on
> any other table columns (for instance, fname and lname and NOT user or
> rights) then the "weird" behavior does not show up. Having gone thru
> that...somehow, someway, the query of all user info seems to change the
> session variables. I appreciate your brain power thinking thru this! Any new
> thoughts? drb
> On Sun, Aug 10, 2008 at 2:33 PM, Evert Lammerts <evert.lammerts@xxxxxxxxx>wrote:
>
>
>>> Why use extract()? Try commenting it out... apart from it being
>>>
>> If you use 'register globals' there's a good chance that a variable
>> $rights exists because it's a key in your $_SESSION array (don't shoot
>> me if I'm wrong, I've never worked with 'register globals'). By using
>> extract() without the $type parameter (so with EXTR_OVERWRITE set),
>> the $type variable is overwritten.
>>
>> So do try commenting it out.
>>
>>
>
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
