So I'm doing some maintenance on a PHP site that is using $_SESSION variables. I started seeing some very very weird behavior and after hours of debugging I just figured this out. As an example, let's say I have a session variable set up like this:

$_SESSION['user']['id'] = 123;
$_SESSION['user']['firstname'] = 'John';
$_SESSION['user']['lastname'] = 'Doe';

At one point in a script, a call to a MySQL table is made using some Zend classes:

$sql = "SELECT whatever FROM table";
$user = $db->fetchRow($sql);

Now here is where the weirdness starts... After this database call is made, my $_SESSION['user'] array value is all of a sudden changed to be the object that is retrieved from the database call...

Basically: $_SESSION['user'] is now the same as the object that was retrieved using the fetchRow DB method that was supposed to be stored in the variable $user. I've never seen this before.

The only thing I can figure out is that because the variable name $user is the same as the $_SESSION['user'] array key name, it's acting like a shortcut or something.

Is this some sort of weird PHP session shortcut that I've never heard of before?

On a side note, I know that accessing $_SESSION vars directly is not the best practice. I didn't build this website. My job is just to fix some stuff and add some features.

UPDATE: Sure enough, register_globals is on. Thanks for the quick help guys. No wonder I was seeing such weird behavior.

+4  A: 

Check if register globals is turned on. Accessing $_SESSION is the only way to access session data safely.

Register globals is an old feature that turned global variables into local variables. The issue with that was you could not safely know where the data was coming from. Something you expected from a session could be set with a get, post or a cookie variable. So it was very easy to bypass security.

Ólafur Waage
+5  A: 

Sounds like you have register_globals set to On in php.ini. Turning it off should fix this.

If you don't have access to change php.ini, an alternative solution is discussed here.

Macros
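The check both answers recommend, plus the runtime workaround the second answer alludes to for hosts where php.ini cannot be edited, as an added example (not code from the question or either answer). It assumes a script that calls session_start() before any other code; the variable name $user and the session key 'user' are taken from the question, and the function names are my own. With register_globals on, the global $user is a reference to $_SESSION['user'], which is why the fetchRow() assignment in the question overwrote the session entry; unsetting the injected global breaks that link while leaving the session data in place.

```php
<?php
// Added example, not from the original question or answers.
// Detect register_globals at runtime and remove the global variables it
// injected, so that a local variable named $user can no longer alias
// $_SESSION['user'].
session_start();

// ini_get() returns the configured value as a string ("1", "On", "yes"
// and "true" all mean enabled), so normalise it to a boolean.
function register_globals_enabled() {
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// For every key found in a request or session superglobal, drop the
// global variable of the same name. Returns the number of globals removed
// (0 when register_globals is already off).
function unregister_globals() {
    if (!register_globals_enabled()) {
        return 0;
    }

    $sources = array($_SERVER, $_ENV, $_FILES, $_COOKIE, $_POST, $_GET);
    if (isset($_SESSION)) {
        $sources[] = $_SESSION;
    }

    // Names that must never be unset, whatever a request happens to contain.
    $protected = array('GLOBALS', '_SERVER', '_ENV', '_FILES', '_COOKIE',
                       '_POST', '_GET', '_REQUEST', '_SESSION');

    $removed = 0;
    foreach ($sources as $source) {
        foreach (array_keys($source) as $name) {
            if (in_array($name, $protected, true)) {
                continue;
            }
            if (array_key_exists($name, $GLOBALS)) {
                // Unsetting the name only removes the global binding; the
                // entry inside $_SESSION (or $_GET, ...) is untouched.
                unset($GLOBALS[$name]);
                $removed++;
            }
        }
    }
    return $removed;
}

unregister_globals();

// From this point on, assigning to $user cannot clobber $_SESSION['user'].
$_SESSION['user'] = array('id' => 123, 'firstname' => 'John', 'lastname' => 'Doe');
$user = array('whatever' => 'constructed row');   // stands in for $db->fetchRow($sql)

// Sanity check that the session entry survived the assignment above.
function session_user_intact() {
    return isset($_SESSION['user']['id']) && $_SESSION['user']['id'] === 123;
}

if (register_globals_enabled()) {
    error_log('register_globals is on; injected globals were removed for this request');
}
var_dump(session_user_intact());
```

Call unregister_globals() as the first statement after session_start() in the site's common bootstrap file, before any included script declares variables. Note that register_globals is a PHP_INI_PERDIR setting, so ini_set() cannot switch it off at runtime; where php.ini is out of reach, a `php_flag register_globals off` line in .htaccess (on Apache with mod_php) is the per-directory alternative, and the runtime cleanup above is the fallback when neither is possible.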