register_globals

from the Artful MySQL Tips List


This dangerous PHP setting caused a lot of havoc until it was deprecated in PHP version 4.2 and many hosting providers sesnibly changed its default value to off. For backward compatibility with old scripts, though, some hosting providers leave it on, so you cannot assume it's off. Ordinarily this would be a reason to include ...
ini_set( "register_globals", 0 );
in every starting PHP script, but some PHP implementations disallow that! Some even disallow putting ...
php_flag register_globals off
in the home web folder's .htaccess file. Incredible as it sounds, in such web hosts, every directory containing a PHP script needs its own php.ini with a line saying ...
register_globals=0
It's a seriously stupid arrangement, but there it is.

Last updated 11 Feb 2012


Return to the Artful MySQL Tips page