In message <[EMAIL PROTECTED]>, Mike Brandonisio
<[EMAIL PROTECTED]> writes
>Hi James,
>
>Thank you for the detailed reply. Personally I never register variables as
>global but do use $_SESSION, $_POST and $_GET IN additional local variables.
>I was playing with Zen Cart and then install noted that Register_Globals was
>on, So I wanted to turn it off.
I am also using $_SESSION, $_POST and $_GET, but I am getting into a
mess when session variables are changed on a page within the project - I
can't seem to get my head around whether the session variables need
updating or not, and how.
I am Including a file, session.php, with all pages, which looks like
this:
session_start();
header("Cache-control: private"); // IE 6 Fix.
// Has C been passed in the URL?
// If so, change it.
if ($_GET['C']){$_SESSION['s_C']=$_GET['C'];}
// Make the variable easier to handle
$C=$_SESSION['s_C'];
C is the product code. I need to be able to jump into the centre of the
site, so C might be changed in the URL. If it is hacked, it won't do
any damage, it will just look for the wrong product, and there is error
handling in place in case the product does not exist.
Does this look correct? What about if the user searches in the site,
using a form that POSTS C?
I have been going round this for so long now, that the whole concept is
getting foggy...
--
Pete Clark
http://www.hotcosta.com
http://www.spanishholidaybookings.com
Community email addresses:
Post message: [email protected]
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
List owner: [EMAIL PROTECTED]
Shortcut URL to this page:
http://groups.yahoo.com/group/php-list
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-list/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
