我有以下名为 index.php 的脚本:
<?php
session_start();
print_r($_SESSION);
$lang = "";
print_r($_SESSION);
//some other stuff
$lang = "abc";
$_SESSION['lang'] = $lang;
?>
在第一次调用时,它按预期返回
Array () Array ()
在第二次通话中(如果我按 F5),这是令人惊叹的恕我直言,出现以下输出:
Array ( [lang] => abc ) Array ()
如果我只是将变量设置$lang为"". 为什么会这样?
编辑:我正在运行 PHP 5.2.17。
check this http://php.net/manual/en/security.globals.php and also What are register_globals in PHP?
but if I want to say it simply : if register_globals be ON all $_POST and $_GET and $_SESSION variables will automatically copied to the variables with a same name of their index.So for example when you have a $foo you can't understand where it comes from ($_GET['foo'], $_SESSION['foo'], etc).
AND as @EricCitaire mentioned "Just disable it, its default value is false since PHP 4.2, deprecated in 5.3 and simply removed in 5.4 because of serious security concerns."
you can set it off using php.ini, .htaccess and also using ini_set()
ini_set('register_globals', 'Off')
other links: