Okay, so when I run this script to remove a user's comment from a forum post, the $_SESSION['id'] (user's MySQL id) changes to the $postid (the id of the forum post). I am not calling any function to set it, and I have session_write_close(); called when the session is initialized.

<?php
session_start();

// I'm not showing connection code.
if(isset($_SESSION['user'])){

    $user = mysql_real_escape_string($_SESSION['user']);
    $userid = mysql_real_escape_string($_SESSION['id']);

    $id = mysql_real_escape_string($_GET['id']);
    $postid = mysql_real_escape_string($_GET['article']);

    $result = mysql_query("DELETE FROM `______`.`______` WHERE `userid`='$userid' AND `id`='$id' AND `user`='$user'")or die(mysql_error());

    if(mysql_affected_rows($con) == 1){ // takes the connection link, not the mysql_query() result

          mysql_query("UPDATE `_______`.`______` SET `points`=`points`-'1' WHERE `id`='$userid' AND `username`='$user'")or die(mysql_error());
          mysql_query("INSERT INTO `________`.`_______` (`user`,`userid`,`amount`,`reason`) VALUES('$user', '$userid', '-1', 'Removed a comment')")or die(mysql_error());

    }

    mysql_close($con);

    ob_start();
    header("location:../view-article?id=$postid");
    ob_end_flush();

} //if there is a user
else {

    ob_start();
    header("location:http://boundsblazer.com/not-logged-in?url=articles.view-article:id=$postid");
    ob_end_flush();
}
?>
  • Do you have other scripts or applications running which access similar variables? If so, set a different session_name() for each application so they don't accidentally interact. Commented Feb 1, 2012 at 14:06
  • Your problem is definitely somewhere else, there is nothing in this code that could do this... Commented Feb 1, 2012 at 14:08
  • Check if register_globals is activated? echo ini_get('register_globals') ? 'On' : 'Off'; Commented Feb 1, 2012 at 14:11
  • But I don't understand how. Only this script causes the id to be changed. Commented Feb 1, 2012 at 14:12
  • register_globals was on... Why? Does that change anything? I didn't turn it on, btw... Commented Feb 1, 2012 at 14:13

1 Answer

If register_globals is on, this line

$id = mysql_real_escape_string($_GET['id']);

possibly changes the value of $_SESSION['id']. So please try again with register_globals off.

3 Comments

Worked. But why would they even add such a thing as register_globals?
@Ken Because some people are too lazy to take care of getting variables and just use $name right away, where the names are identical to the sent body names.
register_globals is pretty much the top reason PHP has had such a miserable security reputation. Now that it defaults to off, the miserable rep is coming more from how often you see SQL injection holes in PHP code.
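
The aliasing the answer describes, as an added example that is not part of the original question or answer. It assumes a PHP 7 or later CLI, where register_globals no longer exists, so `extract()` with `EXTR_REFS` stands in for it; the function names and the sample session and request values are constructed for illustration.

```php
<?php
// Added example: reproduces the aliasing on a PHP build without register_globals.
// Constructed sample values standing in for the logged-in session and the request.
$_SESSION = ['user' => 'ken', 'id' => '42'];
$_GET     = ['id' => '7', 'article' => '1301'];

// Hypothetical name. extract(..., EXTR_REFS) stands in for register_globals:
// it creates $user and $id as references to the $_SESSION entries.
function remove_comment_with_aliasing(): string
{
    extract($_SESSION, EXTR_REFS);
    $id = $_GET['id'];          // same assignment target as in the question
    return $_SESSION['id'];     // now holds the request value, not the user's id
}

// Hypothetical name. Refuses to run with register_globals on, and reads the
// request into validated locals that do not reuse a session key name.
function remove_comment_guarded(): array
{
    if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        throw new RuntimeException('register_globals is on; refusing to continue');
    }
    $commentId = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
    $articleId = filter_var($_GET['article'] ?? null, FILTER_VALIDATE_INT);
    if ($commentId === false || $articleId === false) {
        throw new InvalidArgumentException('id and article must be integers');
    }
    return ['userid' => $_SESSION['id'], 'comment' => $commentId, 'article' => $articleId];
}

// Run the guarded path first: the session id is unchanged afterwards.
$before  = $_SESSION['id'];
$guarded = remove_comment_guarded();
printf("guarded:  session id %s -> %s (comment %d)\n", $before, $_SESSION['id'], $guarded['comment']);

// Run the aliased path: assigning to $id writes through to $_SESSION['id'].
printf("aliasing: session id %s -> %s\n", $before, remove_comment_with_aliasing());
```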
