SitePoint Sponsor |
|
User Tag List
Results 1 to 21 of 21
-
Apr 2, 2009, 08:49 #1
- Join Date
- Sep 2008
- Location
- hyderabad
- Posts
- 179
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
how to set register_globals ON on HOST?
hii all..
i developed a small website, in which a query sends an email to an user containing href link with 2 parameters(userid, key).
i'm getting the parameters into my php file and matching them with DB..
it is working smoothly, when i test on my localhost, but i'm getting a warning when i upload the same files to my server.. here's the error:
Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
), i did the same, but still i can see the above warning..
how can we set it manually in php code?
ini_set("register_golbals=1"); is this correct one?
please let me know..
thanks,.PHP Professional turned ASP.NET Professional
-
Apr 2, 2009, 08:52 #2
- Join Date
- Jul 2008
- Posts
- 5,757
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
You really should write code that doesn't need register_globals on. The setting is being removed in php 6. But otherwise, ask your host or check thier faq on how to set php settings. You may be able to make your own php.ini file.
-
Apr 2, 2009, 08:54 #3
- Join Date
- Sep 2008
- Location
- hyderabad
- Posts
- 179
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
You may be able to make your own php.ini file.PHP Professional turned ASP.NET Professional
-
Apr 2, 2009, 08:57 #4Guido - Community Team Leader
The Votes Are In: The Winners of the 2013 Community Awards are...
Blog - Free Flash Slideshow Widget
-
Apr 2, 2009, 12:43 #5
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
The next version of PHP will not support register globals at all because it was deprecated so long ago as a security risk that thedre has been time to fix all the code in the world millions of times over to add the half dozen lines of code that remove the need for its use.
Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
-
Apr 2, 2009, 14:31 #6
- Join Date
- Nov 2004
- Location
- Plano
- Posts
- 643
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
your avatar is taking forever to load...
-
Apr 3, 2009, 05:31 #7
- Join Date
- Oct 2002
- Location
- Scotland
- Posts
- 3,631
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
-
Apr 3, 2009, 05:54 #8
- Join Date
- Sep 2008
- Location
- hyderabad
- Posts
- 179
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
theres nothing to dicuss about one's avatars here..
i asked for your suggestions only, not to describe my avatar or anything else..
if you've a zeal to help, then post perfect replies else .....PHP Professional turned ASP.NET Professional
-
Apr 3, 2009, 05:58 #9Guido - Community Team Leader
The Votes Are In: The Winners of the 2013 Community Awards are...
Blog - Free Flash Slideshow Widget
-
Apr 3, 2009, 05:59 #10
- Join Date
- Jun 2004
- Location
- Copenhagen, Denmark
- Posts
- 6,157
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Pounding A Nail: Old Shoe or Glass Bottle?
You can not turn register_globals on in runtime (Well, you can, but it won't work). You have to either set it in php.ini or (if your host supports it) in a .htaccess file. That's the only way, except to upgrade your code.
-
Apr 3, 2009, 07:34 #11
- Join Date
- Sep 2008
- Location
- hyderabad
- Posts
- 179
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
You have to either set it in php.ini or (if your host supports it) in a .htaccess file.
php_admin_flag register_globals on
php_admin_flag register_long_arrays on
is it okay or should i change to some thing?
many thanks.PHP Professional turned ASP.NET Professional
-
Apr 3, 2009, 08:52 #12
- Join Date
- Jun 2004
- Location
- Copenhagen, Denmark
- Posts
- 6,157
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Apr 3, 2009, 09:00 #13
- Join Date
- Sep 2008
- Location
- hyderabad
- Posts
- 179
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
hii..
That depends. Try creating a php-script, where you output the ini-setting. That's the only way to figure out if it's actually applied:
PHP Code:
var_dump(ini_get('register_globals'));
string(0) ""
and on my localhost(apache server) i got this : string(1) "1"
what does the above one mean? string(0) ""?
so what should i do now?
thanks.PHP Professional turned ASP.NET Professional
-
Apr 3, 2009, 14:38 #14
- Join Date
- Jun 2004
- Location
- Copenhagen, Denmark
- Posts
- 6,157
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
It means that it's off. There are two possible causes for this; Either your host don't support .htaccess files or the setting is set as an admin_flag setting, in which case you can't override it in a .htaccess file. In any case you'll have to contact your host to change it.
Alternatively, you could use this code to emulate register globals; I'm not sure if it'll work with session-variables though - You might be able to do this by first calling session_start() and then replace the line with extract with this:
PHP Code:extract($superglobal, EXTR_SKIP | EXTR_REFS);
-
Apr 3, 2009, 14:43 #15
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
For the love of god, just fix your code where it does not require register_globals instead of wasting every body's time trying to figure out how to get register_globals turned on.
As they already told you, register_globals is bad.[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
-
Apr 3, 2009, 15:09 #16
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
The next version of PHP isn't going to support register globals at all - register globals was identified as a security hole many years ago and so many web hosts no longer allow it to be turned on. It only takes about four or five lines of code at the top of the script to copy the fields that you want out of the $_POST and $_GET arrays so that you don't need it anyway.
Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
-
Apr 4, 2009, 08:23 #17
- Join Date
- May 2007
- Posts
- 101
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Most hosts won't turn it on. I found that out the hard way! I ended up moving my site 3 times before I found a host that would turn them on. the problem is, if they're turned on, it affects other sites on the server in a negative way.
As soon as I learn enough php, I'm getting rid of this in my site.
-
Apr 4, 2009, 12:09 #18
- Join Date
- May 2007
- Location
- Poole, UK
- Posts
- 5,077
- Mentioned
- 103 Post(s)
- Tagged
- 0 Thread(s)
imho all hosts should turn register globals off
Community Team Advisor
Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator
-
Apr 4, 2009, 16:21 #19
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
Why would hosts enable a security hole in their system when a half dozen lines of code achieves the same result without a security hole.
Register Globals is at the end of its period as deprecated (flagged for removal) since it actually has been removed from the version of PHP currently under development. The next time an update to PHP is released register globals will no longer exist to be enabled or disabled.Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
-
Apr 4, 2009, 17:47 #20
- Join Date
- Jun 2004
- Location
- Copenhagen, Denmark
- Posts
- 6,157
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
While register globals is a bad practise, it's probably not the worst security hole on it self. I think the point to take into consideration is that some people might have legacy code, and may not want to upgrade it. In that scenario, emulating register globals might make sense. I would certainly recommend against relying on this ancient anti-feature for any new development and even recommend an upgrade unless the code is in the very end of its life cycle.
-
Apr 5, 2009, 12:31 #21
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
What is wrong with adding a half dozen lines of extra code to the top of each script in a legacy application so as to do away with the need for register globals? It's not like you have to make any changes to the script itself to fix it. The fix to do away with the need for it is so trivial that all decent scripts should have fixed this many years ago.
Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
Bookmarks