Possible Duplicate:
PHP session side-effect warning with global variables as a source of data

The following message popped up:

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0

after I input the following lines in my script:

```php
// $STD is the existing mysqli connection object.
$InnerJoinQuery = $STD->prepare("
SELECT Users.ID, Users.Password, UserInformation.LastName, UserInformation.Firstname, UserInformation.DOB
FROM Users
INNER JOIN UserInformation
ON Users.ID = UserInformation.UserID WHERE Users.Username = ?");
// Username is a string, so bind it as 's'; with 'i' the value is cast to an integer first.
$InnerJoinQuery->bind_param('s', $_SESSION['real_name']);
#$InnerJoinArray = $InnerJoinQuery->fetch_array(MYSQLI_ASSOC);
$InnerJoinQuery->execute();
// Bind one variable per selected column, then fetch the first row into them.
$InnerJoinQuery->bind_result($UID, $Password, $LastName, $Firstname, $DOB);
$InnerJoinQuery->fetch();
```

and after doing some research into this message, I appended the following change to my php.ini:

register_globals = On

Then invoked:

/etc/init.d/apache2 reload

The message was still present.

What exactly does this warning mean?

More importantly, why do the lines I added within my script invoke this warning, and not before?

user1968541
  • 4
    WRONG WRONG WRONG WRONG. Do not **EVER** enable register_globals. It's the single greatest stupidity ever foisted upon the planet. Pretend you never EVER heard about that setting and leave it off. You've just opened your server to all kinds of remote compromises and a world of pain. register_globals is the poster child of why PHP has such a miserable "security" reputation. – Marc B Jan 15 '13 at 21:06
  • 2
    DO. NOT. ENABLE. REGISTER_GLOBALS. ***EVER***. – Sammitch Jan 15 '13 at 21:06
  • Undoing now. Someone want to explain to me what this warning actually is? And why the warning got invoked only when I put some MySQLi code into my script? – user1968541 Jan 15 '13 at 21:07
  • Somewhere you've got a variable whose name (e.g. `$foo`) matches the name of a session variable (`$_SESSION['foo']`) – Marc B Jan 15 '13 at 21:09
  • My guess is that your query is taking place in the global scope (not inside a function) and that one of the variables you use is also used as an index in $_SESSION. – Sven Jan 15 '13 at 21:09
  • Do you have a `$real_name` variable defined somewhere? – nico Jan 15 '13 at 21:10
  • Nope. Those variables within my bind_results are completely unique – user1968541 Jan 15 '13 at 21:12
  • 2
    Mostly that warning comes about from various false positives, and is only a problem if you're working with code that was done for PHP <= 4.2.3. If it's brand new code, ignore the message as a mistake, and feel free to turn off the warnings in php.ini. – Marc B Jan 15 '13 at 21:13
  • @MarcB This is brand new code, I'm using `$_SESSION[];` variables across my site, which might have generated the warning? So I should take this as a mistake and just set the specifics that are stated in the warning to off? – user1968541 Jan 15 '13 at 21:21
  • 1
    @user1968541 - The question listed as a duplicate of this one has the answer: if it's new code, switch off the warnings using the `bug_compat` flags in PHP.ini. – Spudley Jan 15 '13 at 21:26
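
An added example, not part of the original thread and not code from PHP: a small Python audit of php.ini text for the three directives discussed above, reporting whether `register_globals` is really off again and whether the `bug_compat` flags are switched off. The function names, messages and the two sample fragments are constructed for illustration.

```python
import re

# Directives named on this page. php.ini directive names are case-sensitive.
WATCHED = ("register_globals", "session.bug_compat_42", "session.bug_compat_warn")
TRUE_WORDS = {"1", "on", "yes", "true"}      # php.ini boolean spellings, case-insensitive
ASSIGN = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")

def effective_settings(ini_text):
    """Map each watched directive to 'on', 'off' or 'unset' (not assigned in this file)."""
    state = dict.fromkeys(WATCHED, "unset")
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]           # drop ';' comments, including whole-line ones
        m = ASSIGN.match(line)
        if m and m.group(1) in state:
            value = m.group(2).strip("\"'").lower()
            state[m.group(1)] = "on" if value in TRUE_WORDS else "off"   # later lines override
    return state

def findings(ini_text):
    """List register_globals if enabled, then any bug_compat flag not explicitly off."""
    state = effective_settings(ini_text)
    out = []
    if state["register_globals"] == "on":
        out.append("register_globals is on: request input is injected as global variables")
    for name in WATCHED[1:]:
        if state[name] != "off":
            out.append(f"{name} is {state[name]} in this file")
    return out

# Constructed php.ini fragments (not from the page): a file where the change was
# appended at the end, and a file with the settings the comments recommend for new code.
BEFORE = """\
[PHP]
register_globals = Off
;session.bug_compat_warn = Off
[Session]
session.bug_compat_42 = On
register_globals = On   ; appended later, so this line wins
"""
AFTER = """\
register_globals = Off
session.bug_compat_42 = Off
session.bug_compat_warn = "0"
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, effective_settings(text), findings(text), sep="\n  ")
```

Run it against the php.ini that the web server actually loads, since the CLI and Apache builds of PHP can read different files.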

0 Answers