philip Thu Feb 1 00:40:24 2007 UTC
Modified files: /phpdoc/en/reference/session reference.xml Log: Removed register_globals = on requirement from an example, and using htmlspecialchars() instead of strip_tags() for the XSS exploit prevention example http://cvs.php.net/viewvc.cgi/phpdoc/en/reference/session/reference.xml?r1=1.57&r2=1.58&diff_format=u Index: phpdoc/en/reference/session/reference.xml diff -u phpdoc/en/reference/session/reference.xml:1.57 phpdoc/en/reference/session/reference.xml:1.58 --- phpdoc/en/reference/session/reference.xml:1.57 Fri Jan 13 14:54:47 2006 +++ phpdoc/en/reference/session/reference.xml Thu Feb 1 00:40:24 2007 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.57 $ --> +<!-- $Revision: 1.58 $ --> <!-- Purpose: basic.session --> <!-- Membership: core --> @@ -325,20 +325,22 @@ <programlisting role="php"> <![CDATA[ <?php -if (!session_is_registered('count')) { - session_register('count'); - $count = 1; + +session_start(); + +if (empty($_SESSION['count'])) { + $_SESSION['count'] = 1; } else { - $count++; + $_SESSION['count']++; } ?> <p> -Hello visitor, you have seen this page <?php echo $count; ?> times. +Hello visitor, you have seen this page <?php echo $_SESSION['count']; ?> times. </p> <p> -To continue, <a href="nextpage.php?<?php echo strip_tags(SID); ?>">click +To continue, <a href="nextpage.php?<?php echo htmlspecialchars(SID); ?>">click here</a>. </p> ]]> @@ -346,7 +348,7 @@ </example> </para> <para> - The <function>strip_tags</function> is used when printing the SID + The <function>htmlspecialchars</function> may be used when printing the SID in order to prevent XSS related attacks. </para> <para>
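Review bot: in the counter hunk, `empty($_SESSION['count'])` also treats a stored 0 or "0" as unset; harmless here because the counter starts at 1 and only increments, but `isset($_SESSION['count'])` would state the intent more precisely and avoid a reader copying `empty()` into a counter that can legitimately hold 0. The switch from `strip_tags(SID)` to `htmlspecialchars(SID)` in the link is the right fix for the stated purpose: SID is echoed inside a double-quoted `href` attribute, and stripping tags does nothing about a `"` or `&` that could terminate the attribute, whereas `htmlspecialchars()` encodes `&`, `<`, `>` and `"` (single quotes only with `ENT_QUOTES`, which the double-quoted attribute does not need). It is also good that `session_start()` now appears before any output, which the old `session_register()` form did not make explicit.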
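Review bot: the reworded sentence "may be used when printing the SID in order to prevent XSS related attacks" reads as optional, while the example treats the encoding as required; consider "should be used" and, in one clause, why: the session name and ID are being written into an HTML attribute, so they must be escaped for that context rather than merely having tags stripped. Adding a `<link>` to the `htmlspecialchars` reference (as done for `<function>`) would let readers see the `ENT_QUOTES` note there.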