I have 2 files namely:
uploading.php
emaillinks.php
both include a file inc.php which has all the include files and initiate database connection.
a variable is declared in file uploading.php, i wanted to know how can i access it in emaillinks.php, i cant include uploading.php in emaillinks.php.
I want to avoid cookies because data is big and always different.
what is the best option to make it accessible by emaillinks.php?
Thank You.
Depending on what it is, you could put it into the database or into the session ($_SESSION)
If you can't include you'll need to go with session variables or cookies.
Reading your question the words "registry pattern" suddenly popped into my head. This might be a bit of overkill for your needs, but it might be worth looking into.
You'd probably have to do a lot of refactoring to make this solution available. So you'd probably be best using the session, database or some text file to store your variable.
Here is a good article on using a registry, though (if you're interested).
Related
Maybe stupid question but its still interesting for me. Is it possible to transfer some data between different sessions? Can I add some variable into another user's $_SESSION directly? Something like this abstract code:
$notMySession = getSessionById('123'); $notMySession['kindaInfo'] = 'something'
No directly you cannot transfer session data from one session to another session. That is what the session is made for.
I hope this helps you.
Each user has its own session, which PHP will use when it speaks to that specific user. That means that each session is isolated from one another.
Since the session is not stored on the users computer, there might be a way to reach the session files from your code and directly modify the files. But that doesn't sound like a particularly sane thing to do.
I was reading something about SuplerGlobals like $_SERVER or (see more detail PHP Manual Superglobals) the other day, now, I'm asking me:
Is it possible to implement own SuperGlobals?
Beside of Constants...
So for example user A writes something in the Variable which, if User B is calling it can see.
Something like a server wide Session Variable or something.
Please don't be to hard, if its a silly question :)
I know there are couple of ways outside, like SQL, Xml and Stuff, but maybe...
Your whole idea of PHP superglobals it wrong.
These variables are always available in terms of just one script runtime, no the whole site.
PHP doesn't have context which can be shared between users. You should some replacement like SQL server or file. You may also check some extensions like memcache which might help you achieve your goal.
I was reading something about SuplerGlobals like $_SERVER or (see more detail PHP Manual Superglobals) the other day, now, I'm asking me:
Is it possible to implement own SuperGlobals? Beside of Constants...
Yes it is possible if you've got the PHP runkit extension.
So for example user A writes something in the Variable which, if User B is calling it can see
That's not what superglobals do - they are variables which exist in global scope (i.e. for the duration of an instance of a script).
If you want to share data between different invocations then you need to send it to your storage tier or (in the case of data for a single client) out to the browser.
Since what you are describing here is effectively a shared session, then the sensible place to implement this would be in the session handler.
This is not possible, you can only see your own session data.
To achieve this you would need to store the data somewhere else. in text files or in a MySQL database would be the most common.
i suppose you can use (asterix)export yourvar="something"(asterix) and to receive it using getenv
sry, dont know how to embed asterix=`, but it is better to avoid it...
If you use apache following could be used:
http://php.net/manual/en/function.apache-setenv.php
same idea, enveroinment variable
I've been told that it is unsecure to make database connections inside a PHP includes. For example If I have a login page and add an "include('process.php')" at the top of the page that has a database connection, is that unsecure?
For example If I have a login page and add an "include('process.php')" at the top of the page that has a database connection, is that unsecure?
No.
Maybe the person who told you this was talking about something else - like including a file using a dynamic value coming from a GET parameter, or using remote http:// includes, or as #AlienWebguy mentions, having the password include inside the web root. But using includes in itself is not insecure.
It's only insecure if you are storing your passwords literally in your PHP files. They should be declared outside of the web root. That being said, the lack of security is not due to the use of the include() function.
In and of itself, no, it is not insecure. How it's implemented inside the include is of course a different story.
That's the way I've always done it. I make sure that the include is in a different directory that has open permisions and that the directory your writing in has locked permisions. Hopefully that makes sense.
This question is way too broad to get a good answer from anyone. Short answer is no, there's nothing inherently insecure about including a file that connects to a database. However, if you write code that isn't written properly, then yes it may be insecure to do this.
Since using "include('process.php')" is exactly the same as pasting 'process.php' into the code of the other file, that should not be, per se, a security issue. The insecurity could be in your code, not in the fact the you use the "include". In fact, it could maybe improve the safety of your code, due the reuse.
What is best practice with regards to using session variables?
Is it best to just refer to them as session variables or is it better at the beginning of the script to transfer them to local variables of the same name?
I am also a little stumpped on the best folder/file structure for my application if anyone has a useful link with regards to that it would be very useful.. thanks.
Just access them as they are, there will be no performance hit.
In my mind data is usually in session for a reason, so moving it from the session to local, and the having to put it back again just provides a step for errors to occur, plus it may make your code more confusing to read.
You probably only want to assign the session value to a local variable if you need to manipulate the data and want to retain the original value.
I usually transfer them to local variables if I don't intend to manipulate them, just to avoid the chance of unintentionally overwriting. Plus, it's easier to work with local variables than writing out $_SESSION[''] every time.
Is it best to just refer to them as
session variables or is it better at
the beginning of the script to
transfer them to local variables of
the same name?
For me it depends on what you are doing with it, if you are using it once then use $_Session[] if you are doing lots of logic with it, it makes sense to transfer it to a local var.
Either way its preferance.
I'd recommend against using $_SESSION. Use a Session wrapper/manager class for handling session variables.
There are many available out there, but Zend_Session is among the best.
I am to build a PHP application for a website that already has another PHP application running on the same domain/server.
My app will of course be using sessions, and I don't want my sessions to interfere with the existing app.
For example if I want to use $_SESSION['username'], maybe the other app also uses $_SESSION['username'], which could be a problem.
I'm not looking for an extra layer of security, I trust the application I'm sharing the host with. I just want to avoid bugs.
One way would be to do something like $_SESSION['MY_APP_NAME']['username'], but I want to know if there is an easier way.
I see on the PHP documentation that there is a function called 'session_module_name'. The name sounds good, but the docs don't really explain what it is for.
Any advice?
There is an easier way: session_name.
Prior to calling session_start(); call session_name("something"); (where you change something to whatever you want it to be called).
Another thing that may help you in keeping apps separate is move the session storage to another place either setting session.save_path in php.ini to a folder of your choice or calling session_save_path() before session_start().