Bug #44545 Numeric keys in sessions fail silently
Submitted: 2008-03-27 10:42 UTC Modified: 2008-03-27 12:46 UTC
From: info at concept47 dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.5 OS: Windows Xp sp2
Private report: No CVE-ID: None
 [2008-03-27 10:42 UTC] info at concept47 dot com
Description:
------------
Trying to use numeric keys for session vars fails silently. This is bad and can lead to lost hours/money for the developer. I am just asking for this sort of assignment to fail in a far more obvious manner.

Reproduce code:
---------------
$_SESSION['1234'] = "boooo!";

Expected result:
----------------
I expect the session variable to be stored or else fail miserably like this assignment would

$123 = "dummy!"

Actual result:
--------------
The session variable with a numeric key is never stored ... and it might take a developer a while to figure out why, as other session vars are stored just fine.



 [2008-03-27 11:30 UTC] jani@php.net
RTFM: "The keys in the $_SESSION associative array are subject to the same limitations as regular variable names in PHP, i.e. they cannot start with a number and must start with a letter or underscore. For more details see the section on variables in this manual. "

Found at http://php.net/session

 [2008-03-27 11:31 UTC] jani@php.net
And as this $_SESSION is "special" we can not add any errors when it's passed invalid data. You just have to _know_ this.
 [2008-03-27 12:46 UTC] info at concept47 dot com
And as this $_SESSION is "special" we can not add any errors when it's
passed invalid data

--- Can you elaborate more on this? Because that is what I don't understand.

Why will

$1234 = "me";

fail fantastically but ...

$_SESSION['1234'] = "me";

not.
 [2012-08-30 16:21 UTC] william at piecewise dot com
I would have to agree. I had no idea about this rule for session vars and as a 
result lost about an hour and a half before I stumbled across this post.
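
One way to get the loud failure the reporter asks for, as an added example that is not part of the original thread or of PHP itself: a write wrapper that enforces the key rule quoted from the manual above, plus an audit of keys already in the array. The names `session_put`, `is_valid_session_key` and `invalid_session_keys` are hypothetical, and a plain array stands in for `$_SESSION` so the script runs from the CLI.

```php
<?php
// Added example: enforce the documented $_SESSION key rule at write time.
// The pattern is the variable-name pattern from the PHP manual's section on variables.
const SESSION_KEY_PATTERN = '/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/';

function is_valid_session_key($key)
{
    // PHP casts decimal-integer strings such as '1234' to int array keys,
    // so anything that is not a string is rejected before pattern matching.
    return is_string($key) && preg_match(SESSION_KEY_PATTERN, $key) === 1;
}

function session_put(array &$session, $key, $value)
{
    if (!is_valid_session_key($key)) {
        throw new InvalidArgumentException(
            'Invalid session key ' . var_export($key, true)
            . ': keys must start with a letter or underscore'
        );
    }
    $session[$key] = $value;
}

function invalid_session_keys(array $session)
{
    // Audit helper: list keys already in the array that break the rule.
    return array_values(array_filter(array_keys($session), function ($k) {
        return !is_valid_session_key($k);
    }));
}

// Constructed sample data (hypothetical keys and values).
$session = array();
session_put($session, 'user_1234', 'ok');      // valid key, stored

try {
    session_put($session, '1234', 'boooo!');   // the assignment from the report
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";               // fails loudly instead of silently
}

$session['1234'] = 'written directly';         // bypasses the wrapper
var_dump(invalid_session_keys($session));      // lists the offending keys
```

Running the audit helper over `$_SESSION` before the request ends catches code paths that write to the array directly instead of going through the wrapper.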
 
Last updated: Fri Apr 26 12:01:30 2024 UTC