[nycphp-talk] $_SESSION in Static function
Flavio daCosta
nyphp at n0p.net
Fri May 12 08:21:41 EDT 2006
AFAIK: $_SESSION should be available in the global scope. My wonder
would be if there is a logic issue, as looking at the provided code,
there could be an issue in the GetSessionParm () call if there wasn't a
prior call to SetSessionParm () in the same page request. The
'self::$data["session"] = $_SESSION;' is only set in the SetSessionParm
function and thus on a new page hit calling GetSessionParam () would
report null. I would also check to make sure session_start() is being
called in all cases before accessing your session wrapper.
Another note with regards to addslashes. Although it is good that you
are doing something, be cautioned that addslases is a _generic_ (if all
else fails) kind of safety function. In practice, it is usually best
if you properly escape your output specifically for the subsystem it
will be handed off to. For example, if you will be passing those
variables to a database, use a database escape function
pg_escape_string() (postgresql), mysql_escape_string(), etc. [or data
binding.] If you are passing it to a command line, use
escapeshellcmd()/escapeshellargs(), if you are sending to browser, use
htmlentities(). The reason for this is that each subsystem has their
own set of metacharacters, and a generic solution like addslashes may
not give you the maximum protection PHP offers.
Hope that helps
flav
More information about the talk
mailing list