Hi,

You really only need to set $_SESSION['s_C'] to $_GET['C'] if you need to
know what $_GET['C'] was passed from the URL in another script using
sessions. If you are only interested in setting a local variable for use in
the current script then I'd do this:

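session_start();
header("Cache-control: private"); // IE 6 Fix.

// Start from the value already held in the session (if any),
// so $C is always defined before it is used below.
$C = isset($_SESSION['s_C']) ? $_SESSION['s_C'] : '';

// Has C been passed in the URL?
// If so, change it.
if ( isset($_GET['C']) ) {
    // Trim whitespace and HTML-encode the value from the URL.
    $C = htmlspecialchars(trim($_GET['C']));
}

// if needed
$_SESSION['s_C'] = $C;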

Mike
-- 
Mike Brandonisio          *    Web Hosting
Tech One Illustration     *    Database Applications
tel (630) 759-9283        *    e-Commerce
[EMAIL PROTECTED]    *    http://www.jikometrix.net

    JIKOmetrix - Reliable web hosting



on 5/1/05 3:06 AM, Pete at [EMAIL PROTECTED] scribbled:

> In message <[EMAIL PROTECTED]>, Mike Brandonisio
> <[EMAIL PROTECTED]> writes
>> Hi James,
>> 
>> Thank you for the detailed reply. Personally I never register variables as
>> global but do use $_SESSION, $_POST and $_GET in additional local variables.
>> I was playing with Zen Cart and the install noted that Register_Globals was
>> on, so I wanted to turn it off.
> 
> I am also using $_SESSION, $_POST and $_GET, but I am getting into a
> mess when session variables are changed on a page within the project - I
> can't seem to get my head around whether the session variables need
> updating or not, and how.
> 
> I am including a file, session.php, with all pages, which looks like
> this:
> 
> 
> session_start();
> header("Cache-control: private"); // IE 6 Fix.
> 
> // Has C been passed in the URL?
> // If so, change it.
> if ($_GET['C']){$_SESSION['s_C']=$_GET['C'];}
> 
> // Make the variable easier to handle
> $C=$_SESSION['s_C'];
> 
> 
> 
> C is the product code.  I need to be able to jump into the centre of the
> site, so C might be changed in the URL.  If it is hacked, it won't do
> any damage, it will just look for the wrong product, and there is error
> handling in place in case the product does not exist.
> 
> Does this look correct?  What about if the user searches in the site,
> using a form that POSTS C?
> 
> I have been going round this for so long now, that the whole concept is
> getting foggy...
> 
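
One way to handle the case raised above, where C may arrive in the URL, in a POSTed search form, or only from the session. This is an added example, not code from either message; the function name, the POST-before-GET order and the product-code pattern are assumptions.

```php
<?php
// Assumption: product codes are 1-20 letters, digits, '-' or '_'.
const PRODUCT_CODE_PATTERN = '/\A[A-Za-z0-9_-]{1,20}\z/';

/**
 * Return a validated product code, or null if none is available.
 * A POSTed search form wins over the URL; the session is only a fallback.
 * In a real page, call it after session_start() as:
 *   $C = resolve_product_code($_POST, $_GET, $_SESSION);
 */
function resolve_product_code(array $post, array $get, array &$session): ?string
{
    foreach ([$post, $get] as $source) {
        if (!isset($source['C']) || !is_string($source['C'])) {
            continue; // absent, or an array such as ?C[]=x
        }
        $candidate = trim($source['C']);
        if (preg_match(PRODUCT_CODE_PATTERN, $candidate) === 1) {
            $session['s_C'] = $candidate; // store the raw, validated value
            return $candidate;
        }
        // Present but malformed: ignore it and keep looking.
    }
    // Nothing usable in this request: reuse the stored code, if there is one.
    if (isset($session['s_C']) && is_string($session['s_C'])) {
        return $session['s_C'];
    }
    return null;
}

// Constructed sample requests, run from the command line with a plain array
// standing in for $_SESSION.
$session = [];
var_dump(resolve_product_code([], ['C' => ' AB-123 '], $session));  // C in the URL, stray whitespace
var_dump(resolve_product_code([], [], $session));                   // no C in this request
var_dump(resolve_product_code(['C' => 'ZX_9'], ['C' => 'AB-123'], $session)); // C in both POST and GET
var_dump(resolve_product_code([], ['C' => '<script>'], $session));  // malformed C in the URL

// Encode when the value is written into HTML, not when it is read.
echo htmlspecialchars((string) $session['s_C'], ENT_QUOTES, 'UTF-8'), "\n";
```

Storing the validated raw value and encoding only at output keeps the session copy usable for database lookups as well as for display.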


