Programming Forums > Web Development and Design > PHP

einzelle · Apr 24th, 2005, 4:01 PM

Hello!

I have this simple form script:

And I was wondering how do I turn off the register globals.
And is it really necessary to do so?
What difference does it make?

Ooble · Apr 24th, 2005, 4:14 PM

It greatly enhances the security of your system. For example, if you have a variable called $authorised, someone could override it by placing ?authorised=1 into the address bar, therefore creating both $_GET['authorised'] and $authorised, and setting them both to 1. If you turn register_globals off, only the first is created. You can do this by opening php.ini, finding it and setting it to Off, and restarting your webserver.

einzelle · Apr 24th, 2005, 4:48 PM

Hmmm, Yeah, where do I get the php.ini file? And I have to upload it on my server, right?

Ooble · Apr 24th, 2005, 6:25 PM

Your server has register_globals turned on!?!?! In that case, create a file called ".htaccess" (including the dot), and put the following inside it:

(Toggle Plain Text)

php_flag register_globals 0

Then upload that to your server.

Berto · Apr 25th, 2005, 3:27 AM

are you hosting the server yourself or is it from a web hosting company?

einzelle · Apr 25th, 2005, 5:31 PM

Its a web hosting company, so I upload my files via FTP

Ooble · Apr 25th, 2005, 6:40 PM

Try .htaccess then.

Berto · Apr 26th, 2005, 2:37 AM

i doubt he will be able to change it, damn hosting companies

Ooble · Apr 26th, 2005, 1:06 PM

In that case, I suggest firing off an email to your hosting company explaining exactly why it should be turned off - you can take a look at http://www.php.net/register_globals/ to find out yourself.

Infinite Recursion · Apr 26th, 2005, 1:56 PM

Hmmm. I wonder if I forgot to turn mine off... lol Are they turned off by default?

Apr 24th, 2005, 4:01 PM	#1
einzelle Newbie Join Date: Apr 2005 Posts: 3 Rep Power: 0	Register Globals Question Hello! I have this simple form script: And I was wondering how do I turn off the register globals. And is it really necessary to do so? What difference does it make?

Apr 24th, 2005, 4:14 PM	#2
Ooble I eat cake for breakfast. Join Date: Jul 2004 Location: In my box. Posts: 4,434 Rep Power: 9	It greatly enhances the security of your system. For example, if you have a variable called $authorised, someone could override it by placing ?authorised=1 into the address bar, therefore creating both $_GET['authorised'] and $authorised, and setting them both to 1. If you turn register_globals off, only the first is created. You can do this by opening php.ini, finding it and setting it to Off, and restarting your webserver. __________________ Me :: You :: Them

Apr 24th, 2005, 6:25 PM	#4
Ooble I eat cake for breakfast. Join Date: Jul 2004 Location: In my box. Posts: 4,434 Rep Power: 9	Your server has register_globals turned on!?!?! In that case, create a file called ".htaccess" (including the dot), and put the following inside it: (Toggle Plain Text) php_flag register_globals 0 php_flag register_globals 0 Then upload that to your server. __________________ Me :: You :: Them

Apr 25th, 2005, 6:40 PM	#7
Ooble I eat cake for breakfast. Join Date: Jul 2004 Location: In my box. Posts: 4,434 Rep Power: 9	Try .htaccess then. __________________ Me :: You :: Them

Apr 26th, 2005, 1:06 PM	#9
Ooble I eat cake for breakfast. Join Date: Jul 2004 Location: In my box. Posts: 4,434 Rep Power: 9	In that case, I suggest firing off an email to your hosting company explaining exactly why it should be turned off - you can take a look at http://www.php.net/register_globals/ to find out yourself. __________________ Me :: You :: Them

Apr 24th, 2005, 4:48 PM	#3
einzelle Newbie Join Date: Apr 2005 Posts: 3 Rep Power: 0	Hmmm, Yeah, where do I get the php.ini file? And I have to upload it on my server, right?

Apr 25th, 2005, 3:27 AM	#5
Berto Programming Guru Join Date: Aug 2004 Posts: 1,022 Rep Power: 6	are you hosting the server yourself or is it from a web hosting company?

Apr 25th, 2005, 5:31 PM	#6
einzelle Newbie Join Date: Apr 2005 Posts: 3 Rep Power: 0	Its a web hosting company, so I upload my files via FTP

Apr 26th, 2005, 2:37 AM	#8
Berto Programming Guru Join Date: Aug 2004 Posts: 1,022 Rep Power: 6	i doubt he will be able to change it, damn hosting companies

Apr 26th, 2005, 1:56 PM	#10
Infinite Recursion Programming Guru Join Date: Jul 2004 Location: United States Posts: 3,467 Rep Power: 8	Hmmm. I wonder if I forgot to turn mine off... lol Are they turned off by default? __________________ http://jasonpowers.net "There are a thousand hacking at the branches of evil to one who is striking at the root."

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Programming Forums > Web Development and Design > PHP

Register Globals Question