The output of the following code on a random page:

    print $_SESSION['uid']; // logged in user
    // Get Data .
    $uid = $_GET['ID']; // part of random page processing
    print $_SESSION['uid'];

is:

    1
    2

My logged in User ID is changing! :@
The code for the login (authenticate) page is something like this:

    // Authenticate
    // Escape user input before it goes into the query string
    $Email = mysql_real_escape_string($Email);
    $Password = mysql_real_escape_string($Password);
    $query = "SELECT * FROM User WHERE Email = '".$Email."' AND Password = '".$Password."'";
    $result = mysql_query($query);
    // Authenticated?
    if (mysql_num_rows($result)) {
        // Yes
        // Set session Vars
        $uid = mysql_result($result, 0, 'ID');       // column names must be quoted strings
        $Access = mysql_result($result, 0, 'Access');
        session_destroy();
        session_start();
        $_SESSION['loggedIN'] = 1;
        $_SESSION['Access'] = $Access;
        $_SESSION['uid'] = $uid;
        // Print a successful login and redirect
    }

What you’re seeing is a side-effect of register_globals. Basically: $_SESSION['uid'] and $uid reference the same variable so when you do:

    $uid = $_GET['ID'];

it’s the equivalent of:

    $_SESSION['uid'] = $_GET['ID'];

My advice? Turn off register globals. It’s deprecated in PHP 5.3 and will be removed in PHP 6. To turn it off, edit your php.ini file and change to this directive:

    register_globals = Off

then restart Apache (or whatever your Web server is).
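
The aliasing described in this answer, reproduced as an added example that is not code from the question or the answer. It emulates the register_globals binding with an explicit reference so it runs on PHP builds without that setting; `render_page()`, `register_globals_enabled()`, `$aliasGlobals` and the sample values are assumptions made for illustration.

```php
<?php
// Added example. register_globals binds each session key to a global of the
// same name; the explicit reference below emulates that binding so the effect
// can be reproduced on PHP builds where the setting no longer exists.
// render_page(), $aliasGlobals and all sample values are constructed.

function render_page(array &$session, array $get, $aliasGlobals)
{
    $seen = array();
    $seen[] = $session['uid'];        // logged-in user, before page processing

    if ($aliasGlobals) {
        $uid = &$session['uid'];      // the implicit register_globals binding
    }
    $uid = $get['ID'];                // the question's "random page processing"

    $seen[] = $session['uid'];        // same read, after the assignment
    return $seen;
}

// True when the running interpreter still has register_globals enabled.
// ini_get() may return "1", "On", "" or false depending on version and source.
function register_globals_enabled()
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

$get = array('ID' => '2');            // constructed request: ?ID=2

$session = array('uid' => '1');
echo 'aliased:   ', implode(' ', render_page($session, $get, true)), "\n";

$session = array('uid' => '1');
echo 'unaliased: ', implode(' ', render_page($session, $get, false)), "\n";

// Deployment check: refuse to serve pages if the setting is still on.
if (register_globals_enabled()) {
    error_log('register_globals is enabled; globals alias $_SESSION entries');
    exit(1);
}
```

With the alias in place the second read of the session value returns the request's ID, as in the question; without it the session value is unchanged.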