PDA

View Full Version : register_globals = Off - Why you do not want register_globals = On



Brian
September 9th, 2009, 04:02 PM
Writing PHP code which requires register_globals = On is not a good idea. In fact it is dangerous and opens your site up for possible attacks and other abuse.

Here is an article from PHP related to register_globals (http://us.php.net/manual/en/security.globals.php), including the history and the timelines for the change from the default from register_globals = On to register_globals = Off

On our servers, we have register_globals = Off

JonC
September 15th, 2009, 11:30 AM
When register globals is disabled or in other words "register globals off" the function "try $_SERVER['PHP_SELF']" does not work. Try changing this to "try $_SERVER[PHP_SELF]" removing the single quotes from around PHP_SELF will do the trick.