SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Is register_globals helpful?

    As we can access variable from HTTP_*_VARS

    and manual say that should set = off
    ***************************************************************
    If the register_globals directive is set, then these variables will also be made available in the global scope of the script; i.e., separate from the $HTTP_*_VARS arrays. This feature should be used with care, and turned off if possible; while the $HTTP_*_VARS variables are safe, the bare global equivalents can be overwritten by user input, with possibly malicious intent. If you cannot turn off register_globals, you must take whatever steps are necessary to ensure that the data you are using is safe.

    ***************************************************************

    Is register_global helpful for something?
    If it helpless why it is in php.ini, Shout it auto set =off?
    I live in Thailand. My English grammar not well.

  2. #2
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would turn them off. I think the only reason why they are still supported is because there are so many scripts that do not use the HTTP_*_VARS

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  3. #3
    You talkin to me? Anarchos's Avatar
    Join Date
    Oct 2000
    Location
    Austin, TX
    Posts
    1,438
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's very helpful in making scripting faster to develop, but it's a security risk. What I do is keep it on so that other scripts can use it, since pretty much all scripts assume it's on and use it. Then in my scripts I have:
    if (ini_get("allow_url_fopen") == 1) ini_set("allow_url_fopen", 0);
    if (ini_get("register_globals") == 1) ini_set("register_globals", 0);
    ck :: bringing chris to the masses.

  4. #4
    Victory shall be mine tubedogg's Avatar
    Join Date
    Mar 2001
    Location
    Medina, OH
    Posts
    440
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A *lot* of scripts rely on it being on, including vBulletin.
    Kevin

  5. #5
    SitePoint Member Netbuilder's Avatar
    Join Date
    Sep 2001
    Location
    Karlsruhe / Germany
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hy,

    I wrote this mini-script, maybe
    it helps:

    foreach($HTTP_POST_VARS as $k => $value) {
    ${$k} = $value;
    }

    it just converts HTTP_POST_VARS into
    usual variable-names.

    Regards
    signature

  6. #6
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can use extract to do that:

    PHP Code:
    extract($HTTP_POST_VARS); 
    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •