  1. #1

    register globals

    I would like to know the following:

    Detailed explanation of why register_globals should be Off (server side and per user via php.ini or .htaccess). What are the security risks?

    Also, what is the alternative (when using and not using phpsuexec support)?

  2. #2
    You will find discussion on this topic + more here:

  3. #3
    Thanks, but I would like some explanation in layman's terms of the security risks and alternatives.

  4. #4
    register_globals should be left off as it can be used to overwrite privileged variables if the PHP programmers are not careful. It's not always dangerous if appropriate care is taken; it's just unwise.

    You can turn register_globals on via a per-directory basis with a php_ directive in .htaccess (or in php.ini for phpsuexec servers).

    Alternatively, you can use $_POST to access the posted values, or the PHP extract() function to put them into globals.

    The whole register_globals thing isn't exactly a success story - for years it's been bad practice and yet there's still a lot of code out there using it.
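
The variable overwrite described in post #4, as an added example that is not code from the thread. register_globals was removed in PHP 5.4, so `extract()` on request data stands in for it here (it creates variables from request parameters in the same way); `check_login()`, `risky()`, `safer()`, the password and the sample request are all hypothetical.

```php
<?php
// Constructed sample request: the client sends an extra "authorized" parameter.
$request = ['user' => 'guest', 'password' => 'wrong', 'authorized' => '1'];

// Hypothetical credential check shared by both versions.
function check_login(string $user, string $password): bool
{
    return $user === 'admin' && hash_equals('s3cret-example', $password);
}

// Risky pattern: every request parameter becomes a variable. This is what
// register_globals did automatically; extract() on request data does the same.
function risky(array $request): bool
{
    extract($request);   // creates $user, $password and also $authorized
    if (check_login($user, $password)) {
        $authorized = true;
    }
    // The code never initialised $authorized, so when the login check fails
    // the value that arrived with the request is still in place.
    return !empty($authorized);
}

// Safer pattern: initialise the privileged variable yourself and read only
// the named keys you expect (from $_POST in a real script).
function safer(array $request): bool
{
    $authorized = false;
    $user = (string)($request['user'] ?? '');
    $password = (string)($request['password'] ?? '');
    if (check_login($user, $password)) {
        $authorized = true;
    }
    return $authorized;
}

// Same request, two outcomes: only risky() lets the request set the flag.
var_dump(risky($request));
var_dump(safer($request));
```

If `extract()` has to be used on request data, passing `EXTR_SKIP` or `EXTR_PREFIX_ALL` keeps it from overwriting variables the script has already set, but the privileged variable must still be initialised first.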
