Turning off register_globals...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
clueless
Forum Newbie
Posts: 1
Joined: Fri Aug 16, 2002 12:05 am

Turning off register_globals...

Post by clueless »

I just found out what a bad idea it is to have register_globals turned on. The thing is, on my host, PHP is running as a CGI binary, so I can't just disable it via .htaccess.

So... As a nonroot user, how can I turn off register_globals when PHP is run as a CGI binary?
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

I don't think you can. However, if you code well using the predefined arrays such as $_POST and $_GET, always making sure that user input comes from where you expect it to you should be fine. Have register_globals off on your home config so that development is done in that type of environment then it won't matter a lot what the live environment is like.

BTW, register_globals being off does not inherently make your code secure, instead it just makes it more difficult to write insecure code.

Mac
Post Reply