tags:

views:

699

answers:

5
Q: 

Mutability and Reference of PHP5 GET Variables

I have the following in a page e.g. /mypage?myvar=oldvalue

$_SESSION['myvar'] = $_GET['myvar'];
$myvar = 'a_new_string'

Now $_SESSION['myvar'] has the value 'a_new_string'

Is this by design?

How can I copy the value of 'myvar' rather than a reference to it?

A: 

I don't believe it's by design, but it can certainly be annoying.

dylanfm  2008-11-19 12:40:33
+2  A: 

It's a feature not a bug :-)

luckily you can turn it off, set register_globals = off in your php.ini

Pat  2008-11-19 12:44:17
Downvoted because it doesn't happen!
Greg  2008-11-19 12:48:34
I suppose it depends on the exact version .... In the page I linked there are numerous (user) warnings about register_globals such as "If you manipulate $user you'll manipulate $_SESSION['user'] as well" which I figured is what the OP is suffering from
Pat  2008-11-19 12:57:17
This sure does sound like it's related to register globals. Are you sure that you have disabled it correctly? Edit the php.ini to be sure.
troelskn  2008-11-19 13:10:58
+1  A: 

I've tested this with register_globals on and off and can't reproduce it. What version of PHP are you using (I'm on 5.2.6).

Greg  2008-11-19 12:45:39
register_globals is on
EoghanM  2008-11-19 14:25:47
A: 

After running this:

<?php
session_start(); 
$_GET['myvar'] = ''; 
$_SESSION['myvar'] = $_GET['myvar']; 
$myvar = 'a_new_string'; 
var_dump($_SESSION); 
?>

on PHP 5.2.6 I get this:

array(1) { ["myvar"]=>  string(0) "" }
Adriano Varoli Piazza  2008-11-19 12:45:58
Sorry Moranar, I forgot to specify that I've got ?myvar=oldvalue in the query string, You are right that there is no change without myvar in the query string.
EoghanM  2008-11-19 12:59:29
+2  A: 

register_globals is the invention of the devil. Fortunately in PHP 6.0 it will be entirely disabled. It wasn't just a huge security problem, it makes people confuse. Please turn it off in your php.ini using register_globals = Off More information: http://us2.php.net/register_globals Also you can check the current settings with the command if (ini_get(register_globals)) echo "turn it off! :)';

Tamas Kalman  2008-11-19 14:24:29
Yes this has solved it!
EoghanM  2008-11-19 14:36:56
@EoghanM you could have solved it 2 hours earlier if you had read my answer ;-)
Pat  2008-11-19 18:22:13
Yes, but dh2k used the phrase 'invention of the devil' which is how I feel about PHP right now :-)
EoghanM  2008-11-20 12:42:10

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases