Considerations when assigning a $_server variable to a $_session variable in PHP

Source: Internet
Author: User

The following code is saved as test.php

 
  '; $_session[' test '] = $_server[' Path_info '];var_dump ($_session[' test ');? >

Test this code locally to access the URL http://localhost/test.php/a
The value of $_server[' Path_info '] is '/a ', the value of $_session[' test ' after assignment is '/a ', and after the page is refreshed , the output $_session[' test ' at the beginning of the page should theoretically be '/a ', but $_session[' test ' became ' notice '.

Where the value of notice is the same as the value of the SRC, the value of SRC is changed to another value and the same value is output accordingly


Reply content:

The following code is saved as test.php

 
  '; $_session[' test '] = $_server[' Path_info '];var_dump ($_session[' test ');? >

Test this code locally to access the URL http://localhost/test.php/a
The value of $_server[' Path_info '] is '/a ', the value of $_session[' test ' after assignment is '/a ', and after the page is refreshed , the output $_session[' test ' at the beginning of the page should theoretically be '/a ', but $_session[' test ' became ' notice '.

Where the value of notice is the same as the value of the SRC, the value of SRC is changed to another value and the same value is output accordingly


Key in

/test.php/notice loaded when the browser was accessed
That's when the test.php is triggered.

$_session[' Test ' = $_server[' path_info ']; This is notice

So even if you refresh again, the first time you print is also notice

I know the problem, the problem is that you mention this img tag, your img tag src filled in notice . In HTML if you do not add http://xxx the prefix directly here, it will access the current directory of the file, that is, when you refresh the page, the page is img accessed again http://localhost/test.php/notice .

Because the browser recognizes the last slash, the / current directory is considered to be http://localhost/test.php/ . It automatically puts the notice URL that is behind this visit. Then the visit http://localhost/test.php/notice will certainly be pathinfo notice set to the session inside, so every time you refresh what you see is actually the session of the img label refresh.

Thanks for the invitation, the answer is very good in front. I add several points:

    1. You have a good habit of asking questions, from "the value of which notice is the same as the value of SRC, the value of SRC to other values will also output the same value" this sentence, you have studied the error recurrence of the law, the browser also open "The art of questioning", it is worth encouraging.
    2. Your code snippet is not rigorous enough to be criticized. Line seventh (the line above the IMG tag) is obviously a syntax error, it should be the end of PHP "?>", the programming world, horseshoes, lost thousands of miles, if not grammatical errors, the compiler does not error, you can waste warm-hearted people's time

specifically to analyze your code:

During the first execution, the browser initiated two HTTP requests, http://localhost/test.php/a and Http://localhost/test.php/notice, and the result would be this:

At this point, the server side session file contents are as follows:

For the first HTTP request (HTTP://LOCALHOST/TEST.PHP/A), the page displays "notice:undefined index" because just after session_start () is not $_session[' test ') The assignment is to print it, it must not exist in this array subscript, so error.

Next, the current path_info (that is, "/a" is stored in the session file), and output, this is what you see in the browser, the effect of the naked eye.

Since the browser encountered an IMG tag, then, according to the SRC attribute to request the Http://localhost/test.php/notice (please refer to the relative path of SRC, I will not elaborate), this request is the browser in the background, It doesn't change the HTML source of the current page, so you can't see what's changed on the page.

Test.php is actually executed again, to the first var_dump (), it outputs "/a", and then it assigns the current path_info (i.e./notice) to $_session[' test ', Overwrites the original value of the session file (see above), and then executes the second var_dump (). Where are the outputs of these var_dump ()? In the response of the HTTP request "Http://localhost/test.php/notice", the text output is obviously not a legitimate picture, so your img tag will show a failure.

Evidence for two HTTP requests:

As you can see, two HTTP requests get reponse body (149 Bytes vs Bytes) because there is no "http://localhost/test.php/notice" when requesting notice:undefined Index "error.

The second time you brush a page, it's still two HTTP requests:
Finally, you see the following page:

First HTTP request (HTTP://LOCALHOST/TEST.PHP/A): print "/notice" (can be removed from the session file, see), then overwrite it with the current path_info ("/A"), and then print "/a".

Then the browser automatically initiates a second HTTP request (Http://localhost/test.php/notice): First print "/a" in the background, then assign the value "/notice", and then print "/notice", because not legitimate picture content display failed, You will not see the changes on the page.

The 3rd to n times are exactly the same as the process of refreshing the page for the second time.

At last:
Suggest you add debugging skills, refresh the page to see the text content of HTTP communication, more see session file content.

Thanks for the invitation, NULL, JOYQI has explained the problem clearly.
By the way, the first time var_dump ($_session[' test '), will trigger the notice, recommended rigorous for example:

if (isset ($_session[' test ')) {    var_dump ($_session[' test ']);}

In addition, when you switch to the network feature with Chrome, you'll see a http://127.0.0.1/notice request.
Nginx default is not supported $_server[' Path_info '), there is no guarantee that this value will be taken.

Check that the next session is in effect and that there is a local cookie PHPSESSIONID .

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.