how to set register_globals ON on HOST?

[pavanpuligandla]

hii all..

i developed a small website, in which a query sends an email to an user containing href link with 2 parameters(userid, key).
i'm getting the parameters into my php file and matching them with DB..

it is working smoothly, when i test on my localhost, but i'm getting a warning when i upload the same files to my server.. here's the error:

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

how can we fix this error? after seeing some sites, some body advised to upload a .htaccess file with this line added (php_flag register_globals on
), i did the same, but still i can see the above warning..
how can we set it manually in php code?
ini_set("register_golbals=1"); is this correct one?
please let me know..
thanks,.

[crmalibu]

You really should write code that doesn't need register_globals on. The setting is being removed in php 6. But otherwise, ask your host or check thier faq on how to set php settings. You may be able to make your own php.ini file.

[pavanpuligandla]

You may be able to make your own php.ini file.

how to set this ON in my php code?

[guido2004]

how to set this ON in my php code?

Don't. Change your code so it works with register_globals OFF.

[felgall]

The next version of PHP will not support register globals at all because it was deprecated so long ago as a security risk that thedre has been time to fix all the code in the world millions of times over to add the half dozen lines of code that remove the need for its use.

[XtrEM3]

your avatar is taking forever to load...

[siteguru]

[pavanpuligandla]

theres nothing to dicuss about one's avatars here..
i asked for your suggestions only, not to describe my avatar or anything else..
if you've a zeal to help, then post perfect replies else .....

[guido2004]

if you've a zeal to help, then post perfect replies else .....

Else what?
You already got the most perfect replies you can get to your answer: fix the error you made while you developed the website.

[kyberfabrikken]

Pounding A Nail: Old Shoe or Glass Bottle?

You can not turn register_globals on in runtime (Well, you can, but it won't work). You have to either set it in php.ini or (if your host supports it) in a .htaccess file. That's the only way, except to upgrade your code.

[pavanpuligandla]

You have to either set it in php.ini or (if your host supports it) in a .htaccess file.

i've added the following lines to my .htaccess file.
php_admin_flag register_globals on
php_admin_flag register_long_arrays on

is it okay or should i change to some thing?
many thanks.

[kyberfabrikken]

i've added the following lines to my .htaccess file.
php_admin_flag register_globals on
php_admin_flag register_long_arrays on

is it okay or should i change to some thing?
many thanks.

That depends. Try creating a php-script, where you output the ini-setting. That's the only way to figure out if it's actually applied:

PHP Code:

var_dump(ini_get('register_globals')); 


[pavanpuligandla]

hii..

That depends. Try creating a php-script, where you output the ini-setting. That's the only way to figure out if it's actually applied:

PHP Code:


var_dump(ini_get('register_globals'));

when i echoed this on my server, i got output:
string(0) ""
and on my localhost(apache server) i got this : string(1) "1"

what does the above one mean? string(0) ""?
so what should i do now?
thanks.

[kyberfabrikken]

what does the above one mean? string(0) ""?

It means that it's off. There are two possible causes for this; Either your host don't support .htaccess files or the setting is set as an admin_flag setting, in which case you can't override it in a .htaccess file. In any case you'll have to contact your host to change it.

Alternatively, you could use this code to emulate register globals; I'm not sure if it'll work with session-variables though - You might be able to do this by first calling session_start() and then replace the line with extract with this:

PHP Code:

extract($superglobal, EXTR_SKIP | EXTR_REFS); 


[simshaun]

For the love of god, just fix your code where it does not require register_globals instead of wasting every body's time trying to figure out how to get register_globals turned on.
As they already told you, register_globals is bad.

[felgall]

The next version of PHP isn't going to support register globals at all - register globals was identified as a security hole many years ago and so many web hosts no longer allow it to be turned on. It only takes about four or five lines of code at the top of the script to copy the fields that you want out of the $_POST and $_GET arrays so that you don't need it anyway.

[Links2Cash]

Most hosts won't turn it on. I found that out the hard way! I ended up moving my site 3 times before I found a host that would turn them on. the problem is, if they're turned on, it affects other sites on the server in a negative way.

As soon as I learn enough php, I'm getting rid of this in my site.

[SpacePhoenix]

imho all hosts should turn register globals off

[felgall]

Why would hosts enable a security hole in their system when a half dozen lines of code achieves the same result without a security hole.

Register Globals is at the end of its period as deprecated (flagged for removal) since it actually has been removed from the version of PHP currently under development. The next time an update to PHP is released register globals will no longer exist to be enabled or disabled.

[kyberfabrikken]

While register globals is a bad practise, it's probably not the worst security hole on it self. I think the point to take into consideration is that some people might have legacy code, and may not want to upgrade it. In that scenario, emulating register globals might make sense. I would certainly recommend against relying on this ancient anti-feature for any new development and even recommend an upgrade unless the code is in the very end of its life cycle.

[felgall]

What is wrong with adding a half dozen lines of extra code to the top of each script in a legacy application so as to do away with the need for register globals? It's not like you have to make any changes to the script itself to fix it. The fix to do away with the need for it is so trivial that all decent scripts should have fixed this many years ago.