I think it a big problem in security because it can assign all variable?
Recently, I know that we can access and edit file on All server that use IIS (only IIS not Apache or other). By query instruction after address bar. I don't know this instruction but ever seen it. it long instruction. My friend can do it but he don't tell me?
If someone has known this problem please explanation more detail, How to do, and how to prevent, especially how to prevent user type command or vairable after url of website
Register globals is a setting in php.ini which when on registers the EGPCS (GET, POST, Cookie, Environment and Built-in variables, not in that order!) variables as global. So, variables in the url will automatically become variables in the script. This is the setting: