Session ID with Dynamic Name?

Forum Moderators: coopster

Message Too Old, No Replies

Session ID with Dynamic Name?

NoLimits

11:30 pm on Nov 12, 2008 (gmt 0)

Is it possible to use variables in the name of a session?

$xd = $_GET['o'];
$ox = "x$xd";
$hc = $_SESSION['$ox'];

In the above example $_GET['o'] is equal to 1 - I know $_SESSION['x1'] exists, but I cannot retrieve it using the method above. Something I'm missing?

cameraman

1:23 am on Nov 13, 2008 (gmt 0)

$hc = $_SESSION['$ox'];

With the single quotes, PHP doesn't evaluate the variable. Either of these is fine:
$hc = $_SESSION["$ox"];
$hc = $_SESSION[$ox];

If you're not combining it with anything like you are in your second line, you don't really need the quotes.

NoLimits

1:42 am on Nov 13, 2008 (gmt 0)

Superb! You make the novice very happy, I thank you greatly!

mandrill

8:03 pm on Jan 19, 2009 (gmt 0)

Can I set the values of $_SESSION variables the same way?

eg:


$job_id = valuefrommysqltable;
$start_time_{$job_id} = time();
$_SESSION[start_time_{$job_id}] = $start_time_{$job_id};

I want the name of the session variable to match the name of the actual variable. Would this work?

coopster

10:57 pm on Jan 21, 2009 (gmt 0)

Welcome to WebmasterWorld, mandrill.

Did you try it? ;)
Yes, you can. But you will want to concatenate that index string (easy way is to wrap it in double quotation marks):

$_SESSION["start_time_{$job_id}"] = $start_time_{$job_id};

rob7591

11:02 pm on Jan 21, 2009 (gmt 0)

Be careful doing this if you're using $_GET values. I'm not sure if you're storing anything important in the $_SESSION, but if you have

echo $_SESSION[$_GET['o']];

and the user types ?o=master_password_of_all_passwords

you're going to echo $_SESSION['master_password_of_all_passwords'];

and that just looks dangerous :-o

Anyway, I hope you get my point.. I would make sure you validate any user input first.