Page 1 of 1

Turning off register_globals...

Posted: Fri Aug 16, 2002 12:05 am
by clueless
I just found out what a bad idea it is to have register_globals turned on. The thing is, on my host, PHP is running as a CGI binary, so I can't just disable it via .htaccess.

So... As a nonroot user, how can I turn off register_globals when PHP is run as a CGI binary?

Posted: Fri Aug 16, 2002 1:52 am
by twigletmac
I don't think you can. However, if you code well using the predefined arrays such as $_POST and $_GET, always making sure that user input comes from where you expect it to you should be fine. Have register_globals off on your home config so that development is done in that type of environment then it won't matter a lot what the live environment is like.

BTW, register_globals being off does not inherently make your code secure, instead it just makes it more difficult to write insecure code.

Mac