php.ini security question (answered)
Posted: Fri Feb 16, 2007 12:28 pm
I'm simply asking why here, but quoting from this post on another forum, one guy told me what to do to get simple variables like $username to actually work.
maybe something else: PHP defaults to NOT register_globals, that means that you should use $_POST['username'] instead of $username
me wrote:That was it!
Changing the register_globals from Off to On in my php.ini fixed it, thank you!
Then I simply asked why it was a security risk, and I haven't gotten a reply. Is this a risk in every situation, or just a risk if the server is running more than one site?well... I'd have to ADVISE against that... you SHOULD change your script... register_globals was defaulted to Off as a security measure; not as an annoy-php-script-writers feature
(but feel free to do whatever you see fit)