php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44545 Numeric keys in sessions fail silently
Submitted: 2008-03-27 10:42 UTC Modified: 2008-03-27 12:46 UTC
From: info at concept47 dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.5 OS: Windows Xp sp2
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: info at concept47 dot com
New email:
PHP Version: OS:

 

 [2008-03-27 10:42 UTC] info at concept47 dot com
Description:
------------
trying to use numeric keys for sessions vars, fails, silently. This is bad and can lead to lost hours/money for developer. I am just asking for this sort of assignment to fail in a far more obvious manner.

Reproduce code:
---------------
$_SESSION['1234'] = "boooo!"

Expected result:
----------------
I expect the session variable to be stored or else fail miserably like this assignment would

$123 = "dummy!"

Actual result:
--------------
the session variable with a numeric key is never stored ... and it might take a developer a while to figure out why, as other session vars are stored just fine.



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-03-27 11:30 UTC] jani@php.net
RTFM: "The keys in the $_SESSION associative array are subject to the same limitations as regular variable names in PHP, i.e. they cannot start with a number and must start with a letter or underscore. For more details see the section on variables in this manual. "

Found at http://php.net/session

 [2008-03-27 11:31 UTC] jani@php.net
And as this $_SESSION is "special" we can not add any errors when it's passed invalid data. You just have to _know_ this.
 [2008-03-27 12:46 UTC] info at concept47 dot com
And as this $_SESSION is "special" we can not add any errors when it's
passed invalid data

--- can you elaborate more on this? because that it is what I don't understand.

Why will

$1234 = "me";

fail fantastically but ...

$_SESSION['1234'] = "me"

not.
 [2012-08-30 16:21 UTC] william at piecewise dot com
I would have to agree. I had no idea about this rule for session vars and as a 
result lost about an hour and a half before I stumbled across this post.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 02:01:28 2024 UTC