Results 1 to 4 of 4
  1. #1

    what is "register_globals" in php.ini

    when i turn it on, what will happend?

  2. #2
    Join Date
    Nov 2002
    United Kingdom
    If you don't know what it does, you probably shouldnt be playing with php.ini!

    From the following:

    the register_globals variable, the cause of much heartache to longtime PHP developers. In PHP 3.x, this variable was On by default, leading form variables to be automatically converted to PHP variables when a form was submitted.

    Security concerns led to this variable being set to Off in PHP 4.x. As a result, form variables could only be accessed through the special $_GET and $_POST arrays. This broke many scripts written in PHP 3.x, and forced developers to rewrite and retest their scripts. For example, the value entered into the field <input type="text" name="email"> would be available as $email in a PHP 3.x script, but as $_POST['email'] or $_GET['email'] in a PHP 4.x script.

    You should generally set this variable to Off, as that offers greater security against script attacks through forms. For compatibility with older PHP 3.x scripts, turn it On

  3. #3
    ok thank you!

  4. #4
    Join Date
    May 2002
    The problem actually came down to people not knowing how to secure their scripts even with register globals on. This is why it has to be moved the super global arrays to protect those who didn't have the first clue about programming securely!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts