Session bug?

J

jasonOk2015-11-13 08:59:32

PHP

jasonOk, 2015-11-13 08:59:32

Session bug?

There was an incomprehensible bug, or something like that.
user id is stored in $_SESSION['id'].
On some pages the variable is taken

$id = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);

and this is where the hell starts. $idWhy is it assigned to a variable instead of $_SESSION['id'].
What's the matter - I don't know.
Literally goes the code on the page

echo $_SESSION['id'] // выведет правильное id
$id = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
echo $_SESSION['id'] // уже будет другое значение
if(empty($id) || $id < 1) $id = $_SESSION['id'];

Or is it all about filter_var()?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

L

link_irk, 2015-11-13
@link_irk

Try using the intval() function instead of filter_var. It will also help protect against SQL injection, because it returns false if the passed argument could not be converted to an integer

M

Max, 2015-11-13
@AloneCoder

Wang, that this will work fine

echo $_SESSION['id'];
$idGet = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
echo $_SESSION['id'];

M

maximw, 2015-11-13
@maximw

Do you happen to have register_globals = on ?
If you are using Apache, try adding the following line to the site's root folder in .htaccess:
If it is on a hosting, consult with those. hosting support. Perhaps they have somewhere in the settings you can turn it off.