On 15 October 2003 05:25, Jake McHenry contributed these pearls of wisdom: > Yes, submit, inout, username and password all come from the > index.php form submission, but username changes throughout the > different pages, that was one of my problems. I'm not sure > what I did wrong before, but once I set a variable using > $_SESSION, I couldn't change it unless I close the browser and > start over. > > Just to make sure, register_globals should be set to off for > best security reasons, correct? I guess that should have been > my first question. And will sessions still work if it's turned > off? Right now it's turned on for all my stuff to work.
Yes, and Yes. But, from the code you've posted, it looks like you're still trying to use global variables, which just plain won't work with register_globals=Off. Just to be clear, if submit, inout, username and password come from a form, then you can't just refer to $submit, $inout etc., which your code appears to do (at least, I can't find any initializations of them). You must use $_POST['submit'] etc. if your form method='post', or $_GET['submit'] etc. if your form action='get'. And *all* your session variable handling should likewise be done with $_SESSION[], without using session_register(), session_unregister(). I know I may be telling you stuff you're probably already aware of, but I just want to be clear that we're all starting from the same baseline. Cheers! Mike --------------------------------------------------------------------- Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
