|
|
Posted by Andy Hassall on 09/10/05 02:53
On 9 Sep 2005 14:54:20 -0700, "peter" <plaz987@yahoo.com> wrote:
>Hi. I am just learning PHP. I'm taking over the website at work,
>which is coded in PHP. I am wondering about register_globals. They are
>on on the server we use. Is that a threat?
Not directly, as it is quite possible to write safe code with register_globals
turned on, although it's bad practice. However, with register_globals enabled,
certain sorts of poor programming practices can be made unexpectedly much
worse, by the automatic creation of global variables. In particular, code that
relies on variables being undefined because the code did not set them; instead,
register_globals may have set it via user input through GET or POST.
>I understand I may have to
>recode if I turn them off, but is there a simple way to turn them off
>and see if the code still works?
Modify php.ini, set register_globals=Off.
--
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
[Back to original message]
|