when I store data in a variable like:
// inside the login page
$_SESSION['username'] = $username;
$_SESSION['user_id'] = $user_id;
and i reference that SESSION on another page like:
// on the users homepage
$new_variable = $_SESSION['username'];
changes it's value to something diff开发者_如何转开发erent from the database.
OR for example, if i make a new variable called $user_id
// creating a new variable in the users inbox
$user_id = 12312;
it changes the SESSION value to that as well.
Does anyone know where I'm going wrong?Thank you!
Sounds like register_globals is enabled. This means that the $_SESSION and global variables will effectively operate as the same thing. You should set register_globals to Off if you're in control of the hosting, and if not, ask the host. Finally you should probably move hosting, as it's very insecure and difficult to program around safely.
You can demonstrate this problem with other global arrays, include $_GET.
See http://php.net/manual/en/security.globals.php for more details
Turn off register_globals in php.ini
精彩评论