Re: [PHP-DB] php5-sessions next
mel list_php wrote: Dear Martin, Thank you very much for that, I made the suggested changes. The problem was again coming from the session.save_path directive which was not well configured. With your settings I know have a wonderful display of "undefined index", coming from all that non instantiated variables...at least I know what I have to do now!! [snip] No problem, glad to help! The extra errors is strange actually - that's E_STRICT error reporting. E_ALL doesn't include E_STRICT, so it's further odd that the line: error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT return strict errors - it should read "return all errors, except notice, and except strict". In any case, you can change it to error_reporting = E_ALL & ~E_NOTICE "In PHP 4 and PHP 5 the default value is E_ALL & ~E_NOTICE. This setting does not show E_NOTICE level errors. You may want to show them during development." I don't develop with E_STRICT enabled - but then again, that's mainly because I could spend probably a month cleaning up uninitialized variables / array references and still not be close to finished. I'd love to turn it on for a new project (though I might end up turning it right back off!), but it's just not feasible with my existing projects. cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] php5-sessions next
mel list_php wrote: Dear Martin, Thank you very much for that, I made the suggested changes. The problem was again coming from the session.save_path directive which was not well configured. With your settings I know have a wonderful display of "undefined index", coming from all that non instantiated variables...at least I know what I have to do now!! you have 3 options with these kinds of errors: 1. change error_reporting to not include NOTICEs 2. change all the relevant code so that all vars are initialized (possibly lots of work) 3. use the '@' sign on the vars to repress the errors e.g: if (@$_GET['rule']) { // take over world } I wouldn't recommend 3 unless its a specific case and you know what you're doing One thing: I use @session_start() because in the other case I have a warning a session has already been started. On the other had have to call it at the beginning of each script. Is there a way to test that? you may be able to get away with testing to see whether session_id() returns an empty string or not (i.e. if its empty you still have to start the session) although I would recommend rewriting your session starting code so that you only call session_start() in one place - if you put all this code in a seperate file you can then require_once() the file as and when you need it. With php5 I also saw than a script having a white line and only later on the Any reason for that? that doesn't sound like it should be happening - post some code please. Once again thank you for your help, and sorry I should have displayed the errors at the beginning. now you know :-) - the next time someone hits the list with a similar case you can 'parrot' Martin's tips! -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] php5-sessions next
Dear Martin, Thank you very much for that, I made the suggested changes. The problem was again coming from the session.save_path directive which was not well configured. With your settings I know have a wonderful display of "undefined index", coming from all that non instantiated variables...at least I know what I have to do now!! One thing: I use @session_start() because in the other case I have a warning a session has already been started. On the other had have to call it at the beginning of each script. Is there a way to test that? With php5 I also saw than a script having a white line and only later on the Any reason for that? Once again thank you for your help, and sorry I should have displayed the errors at the beginning. From: Martin Norland <[EMAIL PROTECTED]> Reply-To: php-db@lists.php.net To: php-db@lists.php.net Subject: Re: [PHP-DB] php5-sessions next Date: Wed, 02 Mar 2005 10:50:38 -0600 mel list_php wrote: Hi again, I erased and recreated my php.ini file from the php ini recommended. In my application I use a suthentication of the user against a database table, once the user is allowed I set a session variable at true. I test this variable at the beginning of each script. With php4 no problem, in each script I have: @session_start(); if (!$_SESSION['allowed']) exit(); With php5, I'm unable to navigate through different protected pages, each time I have to re-login. I don't know if it is something in my php.ini that is wrong, or if the session support has been modified between php4 and 5? I tried to find information on the web but without success. Comparing the section dedicated to session in phpinfo on my 4.3 and on 4.5, the only difference is on 4.3 session.save_path=/tmp whereas for php5 even if specified in the php.ini it still has no value. I'm a bit stuck here, anybody has an idea? Whenever you run into errors - the first thing to do is start getting error messages back. There are two ways to do this: 1) modify your php.ini to make sure it's reporting errors usefully, and check your logs - 2) modify your code that is EXPRESSLY SUPPRESSING ERRORS to not do so. 1) in php.ini (E_STRICT might be php5 only, I don't recall exactly - shouldn't hurt if it's undefined and you & ~ it) error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT 2) in code @session_start(); becomes session_start(); ... in addition, there is an option that many developers do not change in php.ini between development and live sites - and they should: ; Print out errors (as a part of the output). For production web sites, ; you're strongly encouraged to turn this feature off, and use error logging ; instead (see below). Keeping display_errors enabled on a production web site ; may reveal security information to end users, such as file paths on your Web ; server, your database schema or other information. display_errors = Off you'll want to couple this with some of the following: ; Log errors to specified file. ;error_log = filename ; Log errors to syslog (Event Log on NT, not valid in Windows 95). error_log = syslog /longwindedrant Cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] php5-sessions next
mel list_php wrote: Hi again, I erased and recreated my php.ini file from the php ini recommended. In my application I use a suthentication of the user against a database table, once the user is allowed I set a session variable at true. I test this variable at the beginning of each script. With php4 no problem, in each script I have: @session_start(); if (!$_SESSION['allowed']) exit(); With php5, I'm unable to navigate through different protected pages, each time I have to re-login. I don't know if it is something in my php.ini that is wrong, or if the session support has been modified between php4 and 5? I tried to find information on the web but without success. Comparing the section dedicated to session in phpinfo on my 4.3 and on 4.5, the only difference is on 4.3 session.save_path=/tmp whereas for php5 even if specified in the php.ini it still has no value. I'm a bit stuck here, anybody has an idea? Whenever you run into errors - the first thing to do is start getting error messages back. There are two ways to do this: 1) modify your php.ini to make sure it's reporting errors usefully, and check your logs - 2) modify your code that is EXPRESSLY SUPPRESSING ERRORS to not do so. 1) in php.ini (E_STRICT might be php5 only, I don't recall exactly - shouldn't hurt if it's undefined and you & ~ it) error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT 2) in code @session_start(); becomes session_start(); ... in addition, there is an option that many developers do not change in php.ini between development and live sites - and they should: ; Print out errors (as a part of the output). For production web sites, ; you're strongly encouraged to turn this feature off, and use error logging ; instead (see below). Keeping display_errors enabled on a production web site ; may reveal security information to end users, such as file paths on your Web ; server, your database schema or other information. display_errors = Off you'll want to couple this with some of the following: ; Log errors to specified file. ;error_log = filename ; Log errors to syslog (Event Log on NT, not valid in Windows 95). error_log = syslog /longwindedrant Cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php