SitePoint Sponsor

User Tag List

Results 1 to 21 of 21
  1. #1
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    how to set register_globals ON on HOST?

    hii all..

    i developed a small website, in which a query sends an email to an user containing href link with 2 parameters(userid, key).
    i'm getting the parameters into my php file and matching them with DB..

    it is working smoothly, when i test on my localhost, but i'm getting a warning when i upload the same files to my server.. here's the error:

    Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
    how can we fix this error? after seeing some sites, some body advised to upload a .htaccess file with this line added (php_flag register_globals on
    ), i did the same, but still i can see the above warning..
    how can we set it manually in php code?
    ini_set("register_golbals=1"); is this correct one?
    please let me know..
    thanks,.
    PHP Professional turned ASP.NET Professional

  2. #2
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You really should write code that doesn't need register_globals on. The setting is being removed in php 6. But otherwise, ask your host or check thier faq on how to set php settings. You may be able to make your own php.ini file.

  3. #3
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You may be able to make your own php.ini file.
    how to set this ON in my php code?
    PHP Professional turned ASP.NET Professional

  4. #4
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,500
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by pavanpuligandla View Post
    how to set this ON in my php code?
    Don't. Change your code so it works with register_globals OFF.

  5. #5
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,820
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The next version of PHP will not support register globals at all because it was deprecated so long ago as a security risk that thedre has been time to fix all the code in the world millions of times over to add the half dozen lines of code that remove the need for its use.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  6. #6
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    your avatar is taking forever to load...

  7. #7
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,629
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Ian Anderson
    www.siteguru.co.uk

  8. #8
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    theres nothing to dicuss about one's avatars here..
    i asked for your suggestions only, not to describe my avatar or anything else..
    if you've a zeal to help, then post perfect replies else .....
    PHP Professional turned ASP.NET Professional

  9. #9
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,500
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by pavanpuligandla View Post
    if you've a zeal to help, then post perfect replies else .....
    Else what?
    You already got the most perfect replies you can get to your answer: fix the error you made while you developed the website.

  10. #10
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Pounding A Nail: Old Shoe or Glass Bottle?

    You can not turn register_globals on in runtime (Well, you can, but it won't work). You have to either set it in php.ini or (if your host supports it) in a .htaccess file. That's the only way, except to upgrade your code.

  11. #11
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You have to either set it in php.ini or (if your host supports it) in a .htaccess file.
    i've added the following lines to my .htaccess file.
    php_admin_flag register_globals on
    php_admin_flag register_long_arrays on

    is it okay or should i change to some thing?
    many thanks.
    PHP Professional turned ASP.NET Professional

  12. #12
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by pavanpuligandla View Post
    i've added the following lines to my .htaccess file.
    php_admin_flag register_globals on
    php_admin_flag register_long_arrays on

    is it okay or should i change to some thing?
    many thanks.
    That depends. Try creating a php-script, where you output the ini-setting. That's the only way to figure out if it's actually applied:

    PHP Code:
    var_dump(ini_get('register_globals')); 

  13. #13
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hii..
    That depends. Try creating a php-script, where you output the ini-setting. That's the only way to figure out if it's actually applied:

    PHP Code:


    var_dump(ini_get('register_globals'));
    when i echoed this on my server, i got output:
    string(0) ""
    and on my localhost(apache server) i got this : string(1) "1"

    what does the above one mean? string(0) ""?
    so what should i do now?
    thanks.
    PHP Professional turned ASP.NET Professional

  14. #14
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by pavanpuligandla View Post
    what does the above one mean? string(0) ""?
    It means that it's off. There are two possible causes for this; Either your host don't support .htaccess files or the setting is set as an admin_flag setting, in which case you can't override it in a .htaccess file. In any case you'll have to contact your host to change it.

    Alternatively, you could use this code to emulate register globals; I'm not sure if it'll work with session-variables though - You might be able to do this by first calling session_start() and then replace the line with extract with this:
    PHP Code:
    extract($superglobalEXTR_SKIP EXTR_REFS); 

  15. #15
    SitePoint Evangelist simshaun's Avatar
    Join Date
    Apr 2008
    Location
    North Carolina
    Posts
    438
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For the love of god, just fix your code where it does not require register_globals instead of wasting every body's time trying to figure out how to get register_globals turned on.
    As they already told you, register_globals is bad.

  16. #16
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,820
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The next version of PHP isn't going to support register globals at all - register globals was identified as a security hole many years ago and so many web hosts no longer allow it to be turned on. It only takes about four or five lines of code at the top of the script to copy the fields that you want out of the $_POST and $_GET arrays so that you don't need it anyway.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  17. #17
    SitePoint Zealot
    Join Date
    May 2007
    Posts
    101
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Most hosts won't turn it on. I found that out the hard way! I ended up moving my site 3 times before I found a host that would turn them on. the problem is, if they're turned on, it affects other sites on the server in a negative way.

    As soon as I learn enough php, I'm getting rid of this in my site.

  18. #18
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,029
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    imho all hosts should turn register globals off
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  19. #19
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,820
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Why would hosts enable a security hole in their system when a half dozen lines of code achieves the same result without a security hole.

    Register Globals is at the end of its period as deprecated (flagged for removal) since it actually has been removed from the version of PHP currently under development. The next time an update to PHP is released register globals will no longer exist to be enabled or disabled.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  20. #20
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    While register globals is a bad practise, it's probably not the worst security hole on it self. I think the point to take into consideration is that some people might have legacy code, and may not want to upgrade it. In that scenario, emulating register globals might make sense. I would certainly recommend against relying on this ancient anti-feature for any new development and even recommend an upgrade unless the code is in the very end of its life cycle.

  21. #21
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,820
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    What is wrong with adding a half dozen lines of extra code to the top of each script in a legacy application so as to do away with the need for register globals? It's not like you have to make any changes to the script itself to fix it. The fix to do away with the need for it is so trivial that all decent scripts should have fixed this many years ago.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •