Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How can I check check that $_SESSION['text'] is indeed text and not some malicious .exe?
AND, if i do destroy_session(…) but set
$a = $_SESSION;
does $a become NULL now?
Only you can set session variables since the session data is stored on the server side (usually in a file in a tmp directory). But this data is serialized with something similar to
serialize. So the actual file contents are probably not in an appropriate format to being executed. So you don’t need to worry that that file will be executed by mistake.