From owner-freebsd-questions Wed May 1 15:15:53 2002 Delivered-To: freebsd-questions@freebsd.org Received: from sub21-156.member.dsl-only.net (sub21-156.member.dsl-only.net [63.105.21.156]) by hub.freebsd.org (Postfix) with ESMTP id B627937B405 for ; Wed, 1 May 2002 15:15:48 -0700 (PDT) Received: from sub21-156.member.dsl-only.net (freebsd.localhost.localdomain [127.0.0.1]) by sub21-156.member.dsl-only.net (8.11.6/8.11.6) with SMTP id g41MLCC14585; Wed, 1 May 2002 15:21:25 -0700 (PDT) (envelope-from nkinkade@dsl-only.com) Date: Wed, 1 May 2002 15:21:12 -0700 From: Nathan Kinkade To: Michel Weenink Cc: questions@freebsd.org Subject: Re: PHP Stuff again... Message-Id: <20020501152112.28b8724a.nkinkade@dsl-only.com> In-Reply-To: <3CD063DD.60706@weenink.com> References: <009701c1f16f$740da640$0301a8c0@uminafamily.com> <3CD063DD.60706@weenink.com> X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 01 May 2002 23:53:33 +0200 Michel Weenink wrote: > Christopher J. Umina wrote: > > > Thanks guys, that worked great, but there's only one problem. When I > > have --enable-track-vars on the server never picks up variable that are > > passed along in the querystring. for instance: > > > > http://216.164.225.145:81/~uminac/equipment/ > > > > In that I have a thing that describes my servers, but when I click a link > > that links to > > > > http://216.164.225.145:81/~uminac/equipment/server.php?system=sysname > > > > there is no value for $system when it's run. The whole reason I > > did --enable-track-vars is so I can run sessions, but do I have to make a > > session out of every page for this to work? If so, that's kind of stupid > > eh? Is there another way to enable sessions? > > > > You probably ran into the 'new', more secure settings. See the Release > Announcemnt for 4.1.0: http://www.php.net/release_4_1_0.php. > > You probably need $_POST or $_GET, or you can alter your php.ini to do > it the way you were used to. after you start a session with session_start(), try assigning variables to the builtin global session array $_SESSION rather than using the session_register() function. apparently this is more secure than using session_register. but be aware that in any document on which you wish to access session variables you must call session_start(), if a session doesn't exist it will create a new one, but if one is already present it will register any existing session varibles into $_SESSION. from the php manual: Use of $_SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is recommended for security and code readablity. With $_SESSION or $HTTP_SESSION_VARS, there is no need to use session_register()/session_unregister()/session_is_registered() functions. Users can access session variable like a normal variable. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message