Thanks! In fact I just updated my code to your exact example below and it
works! Its a good thing you all fixed this for me...I have very few hairs
left! Thanks again everyone...drb
On Sun, Aug 10, 2008 at 4:53 PM, Micah Gersten <micah@xxxxxxxxxxx> wrote:
> There's your answer. With register_globals on $_SESSION['rights']
> becomes $rights and when you do extract($row) you are overwritting the
> $_SESSION variable. A safer way of using your code would be:
>
> while ($row = mysql_fetch_array($result1, MYSQL_ASSOC))
>
> {
>
> ?>
> <option value="<?=$row['user']?>"><?=$row['fname']?> <?=$row['lname']?>
> - <?=$row['user']?>
> <?
>
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
>
>
> Darron Butler wrote:
> > Thanks for your thoughts. To answer your first question, I'm using
> extract()
> > because this is a page where admins and super users can edit the
> permissions
> > of others for the site. Therefore, I have to query the database to create
> a
> > listing of all users, and then have the admin/super user select one to
> > modify (I was planning to serve the 'rights' informatin from the selected
> > user via POST to another page where changes could be made). sometimes the
> > user and rights that I get "assigned" when I hit refresh are another user
> > with super rights and sometimes one with less than super rights and then
> I
> > get sent to the 'die' landing page. I'm a real newbie at PHP/MySQL, so if
> > there is a better/easier/more efficient way of creating the select list,
> I'm
> > just not aware of how to do it. I just tried removing the extract
> statement
> > and the select list is now empty...
> >
> > I'm using a free PHP/MySQL host online so I don't have access to make
> > register_global changes, but I did find in the documentation that they
> have
> > it set to "on". On a similar note, the variable $_SESSION['rights'] does
> > certainly exist, it exists for the admin/super user logged in and
> accessing
> > the administration page.
> >
> > What's interesting about this whole thing is that I have changed the
> query
> > to include non session variables I have set and everything works fine.
> For
> > instance (to clarify) since I set $_SESSION['user'] and
> $_SESSION['rights']
> > when the user logs in, if my query to create the selection list is based
> on
> > any other table columns (for instance, fname and lname and NOT user or
> > rights) then the "weird" behavior does not show up. Having gone thru
> > that...somehow, someway, the query of all user info seems to change the
> > session variables. I appreciate your brain power thinking thru this! Any
> new
> > thoughts? drb
> > On Sun, Aug 10, 2008 at 2:33 PM, Evert Lammerts <
> evert.lammerts@xxxxxxxxx>wrote:
> >
> >
> >>> Why use extract()? Try commenting it out... apart from it being
> >>>
> >> If you use 'register globals' there's a good chance that a variable
> >> $rights exists because it's a key in your $_SESSION array (don't shoot
> >> me if I'm wrong, I've never worked with 'register globals'). By using
> >> extract() without the $type parameter (so with EXTR_OVERWRITE set),
> >> the $type variable is overwritten.
> >>
> >> So do try commenting it out.
> >>
> >>
> >
> >
>
