Page 1 of 1

Ok, I am clueless

Posted: Wed Aug 13, 2003 9:02 pm
by Stoneguard
Hi, first of all I am very new to PHP, so if I am missing something obvious, sorry. I have a couple problems with the following section of code:

Code: Select all

<?php
session_start();

function Session($sessvar, $sessval = "~~~")
{
   global $_SESSION;
   
   if (isset($_SESSION[$sessvar]) == FALSE)
      $_SESSION[$sessvar] = "";
   
   if ( '~~~' != $sessval)
   {
      $_SESSION[$sessvar] = $sessval;
   }
         
   return $_SESSION[$sessvar];
}
?>
I am basically trying to convert some ASP code over to PHP, and instead of replacing all the "Session" variable calls, I was planning on making a global function for them.

The jist of the code is:
  • If the request session variable doesnt exist, create it.
  • If a value was passed in, assign it.
  • Return the session value.
However I am encountering two problems:
  1. If I pass in a 0 in $sessval, the comparison of "if ('~~~'!= $sesval)" always returns false.
  2. I cannot seem to actually see the $_SESSION variables. If I use a normal $_SESSION command and not the function, the variables work fine. If I use the "Session" function, I can see the session variables get set in the session file but cannot retrieve them.
I am using PHP for Win32 (under Windows XP Prof) version 4.3.3RC3.

Thanks in advance for any help!

Re: Ok, I am clueless

Posted: Wed Aug 13, 2003 10:39 pm
by McGruff

Code: Select all

<?php
session_start();

// is this what you're looking for?
function Session($key_name, $value)
{
    // $_SESSION has superglobal scope - no need to global it in
   
    if (!isset($_SESSION[$key_name]))  // "!" and not: "== FALSE"
    {
        $_SESSION[$key_name] = $value;
        return TRUE;

    } else {

        return FALSE;
    }        
}

?>
You don't need to return $_SESSION[$key_name] since, as a superglobal, it's already available in any scope.

If you want to check if the function has actually done anything, you could return TRUE/FALSE - eg if another action needs to know if the session var was not set prior to running the function. Unlikely I guess - more of a general point.

If you don't have it already, download the php manual (get the version with comments) from php.net. If you already have some programming experience, this will explain all the new vocabulary.

(..and turn register globals off!)

Posted: Thu Aug 14, 2003 7:01 am
by Stoneguard
Actually, I was hoping to use the function as a getter and setter.

So, I would like to use the function in two capacities; to get the value of a session variable as well as setting the value

Code: Select all

<?php
$somevar = Session("MyVar");

if ($somevar != $_REQUEST("inputfield"))
   Session("MyVar", $_REQUEST("inputfield")); //set the value
?>
It's a silly example, but shows both uses I intended for the function. I had assumed $_SESSION was a superglobal but it seemed to be hidden from the function. Also, I do have register_globals off and the php manual 8) .

By the way, where is the logic flaw in comparing (0 != 'str'). This should return true shouldn't it?

Posted: Thu Aug 14, 2003 10:58 am
by McGruff
Sorry I assumed, since you were using "global $var", that you had reg globs on.

Code: Select all

<?php
if ( '~~~' != $sessval) 
?>
.. always returns FALSE because you had set $sessval = '~~~' as a fn argument.

If I understand you correctly, you want to:

(1) check if a request var has a corresponding session var, as well as..
(2) overwrite the session value if the request value is different, and finally..
(3) return the session var

Code: Select all

<?php
IF(!isset($_SESSION[$my_var]) OR $_SESSION[$my_var] != $check_var)
{
    $_SESSION[$my_var] = $check_var;
}

?>
You could wrap that up in a function if it's something you need to use frequently. There would be no need to return the session var from the fn since it's already available in all scopes.

You probably already know that it's better to use $_GET, $_POST, etc rather than $_REQUEST - let's you specify exactly where a var should come from.

PS: the order of the two IF clauses is important (short circuits from left to right - hence you'll get an undefined variable error if they are reversed and $_SESSION[$my_var] is not set).

Posted: Thu Aug 14, 2003 12:50 pm
by Stoneguard
My understanding from the documentation was that assigning a variable in the function declaration assigns a default value and makes it an optional argument.

So, if i call Session("MyVar"), I would get a return value and $sessval would be assigned '~~~' . If I call Session("MyVar",1), then $sessval would be assigned 1 and therefore assign the value within the code. This actually works for all values except 0. I was just having problems with the $_SESSION scope, but I think I figured those out

I guess I need to read up more on globals. About the only thing I am disappointed in so far with php is the way scope is handled. With the exception of superglobals, I am understanding that any global I refer to in a function must be declared as a global.

Thanks :).

Posted: Thu Aug 14, 2003 3:10 pm
by m3rajk
alright. here's a few seconds of searching php.net.

reference about them in php http://us3.php.net/manual/en/ref.session.php

how to start them: http://us3.php.net/manual/en/function.session-start.php

more info in a sticky in this forum

you don't neeed your own. php have a lot of built in things for it.

there is something called asp2php tha tyou can look up and use if you want to have your code converted for you.


also globals and superglobals are a security issue. avoid them. use the sessions array when you need it in a function. after 4.1 that's accessed via $_SESSIONS['session_variable_name'];

Posted: Thu Aug 14, 2003 6:01 pm
by Stoneguard
Ok, I'm a newb to php, but not a newb on looking things up. I know how to use sessions in php already. I was simply exploring the ability to wrapper it in a function.

By the way,
also globals and superglobals are a security issue. avoid them. use the sessions array when you need it in a function. after 4.1 that's accessed via $_SESSIONS['session_variable_name'];
Isn't that a contradictory sentence? The definition of $_SESSION is a superglobal. The only security issue is sending session tag information via a non secured cookie to the browser. (I have written my own browser session persistence engines).

What I am really after now is why the following function doesn't work;

Code: Select all

<?php
function dotest($tval)
{
   if ($tval == '~~~')
      print "true<br>";
   else
      print "false<br>";
}

dotest(1); //returns false;
dotest(0); //returns true;

?>
if I change the comaprison to ===, then i get false returned on both instances. But even comparing a logical FALSE to a string should return false should it not? Or is it something to do with type conversions that I am missing?

Posted: Thu Aug 14, 2003 6:40 pm
by McGruff
Superglobals aren't a security issue as you have said. In fact, they were introduced to make things more secure.
Stoneguard wrote:My understanding from the documentation was that assigning a variable in the function declaration assigns a default value and makes it an optional argument.
Yes - correct. Sorry I should have appreciated that you were feeding this different args.
About the only thing I am disappointed in so far with php is the way scope is handled. With the exception of superglobals, I am understanding that any global I refer to in a function must be declared as a global.
Not sure what you mean?

Yes the odd behaviour with true/false is due to type.

Code: Select all

<?php
// pass string args or use the === operator in the fn definition
dotest('1'); //returns false;
dotest('0'); //returns false; 
?>
With dotest(0) I THINK the explanation is that php has converted the comparison string '~~~' to an integer in order to compare with the integer argument - ie the string becomes 0.

Posted: Thu Aug 14, 2003 7:24 pm
by Stoneguard
Yay! thanks! By added a forced type to the comparison I can get the correct comparison.

(reference : http://us3.php.net/manual/en/types.comparisons.php)

Code: Select all

<?php
 if ((string)$tval == '~~~')
?>
This is cludgy on my part, so I need to change how I am assigning a default for the optional variable.

With reference to globals, I simply meant that you must either use the superglobal or declare the variable locally with "global $var;". Whereas most languages I have worked with, you must declare local variables in order not to be impacted by globals.

Thanks for all the help! 8)