Home/ Questions/Q 350687
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T11:34:23+00:00

I commonly see people setting $_SESSION variables as $_SESSION[‘example’]=$_REQUEST[‘something’]; $example=$_SESSION[‘example’]; is this redundant? I

  • 0

I commonly see people setting $_SESSION variables as

$_SESSION['example']=$_REQUEST['something'];
$example=$_SESSION['example'];

is this redundant?

I am currently working on a new server and 

$_SESSION['example']=$_REQUEST['something'];

gives me access to $example without any extra code

is this normal or a php configuration making my life easier but potentially more dangerous?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This sounds like a php.ini directive called register_globals is on for the server you are working with. This is considered bad practice, and is even deprecated and removed in the latest releases of php. check out this portion of the php documentation for more details.

    http://www.php.net/manual/en/security.globals.php

    Edit – as it pertains to your comment.

    You should never trust the input provided by your users, and should sanitize it by removing or neutralizing characters that could be used for cross site scripting, injection attacks, or just crap data from getting into your session, cookies, or database.

    check out the following to get up to speed.

    http://www.codeassembly.com/How-to-sanitize-your-php-input/

    http://www.phpbuilder.com/columns/sanitize_inc_php.txt

    http://www.devshed.com/c/a/PHP/Sanitizing-Strings-with-Filters-in-PHP-5/

    • 0