No more Register Globals

I made a website years ago in Dreamweaver and it’s been running on it’s own with users logging in. Everything is working fine until now when the host have disabled Register Globals on the server (which is probably a good thing). But is there an easy way to make things work again??? I guess there must be something wrong with my code when people can’t login to my page. Is there any ion somewhere that explains what to do? My programming skills are not that good and I usually play around until things work. And I just want that login to work… :frowning:

since register_globals is off, you need to fetch the data you need from the appropriate superglobals directly.

// get a value from a POST form submit
$value = $_POST['key']; // <— this is always a string
// alternately, use a filter function (ex: an integer value)
$my_int = filter_input(INPUT_POST, 'my-int', FILTER_VALIDATE_INT);

It is DEFINITELY a good thing as register globals was a big security hole in PHP. That’s why the default was changed to off in PHP 4.2 and it was flagged as deprecated. It has since been removed (as the fact that it was deprecated many years ago indicated would happen).

THe way to correctly process the fields passed to the page is to get the values from the $_GET and $_POST arrays and validate (or at a minimum sanitize) them prior to moving their value into the field name you were previously using. It is this validate/sanitize step that could be left out when using register globals without there being any indication that these most important security checks were missing. At least with register globals off (or for the past few years not existing at all) you have the direct assignment of the $_GET and $_POST variables to internal field names to indicate that you missed a step.

Plue now that register globals is gone it is not possible for anyone to insert a value into a field that you didn’t expect to be passed to the script as you would only reference the $_GET and $_POST for the fields you do expect.

1 Like

Whatabout Session_register? Is that still working? Or written in a different way?
There is something in my code that is not working. I have to figure out what, but I will probably find what is not working after a while. When I have time to look at the code.

session_register has also been deprecated as of PHP 5.3 (and removed as of 5.4). You will need to assign session data directly to the $_SESSION super global array:

// the following
$var = 'val';
//is equivalent to
$_SESSION['var'] = 'val';

So, the following code would work? Or do I only need the second line to make it work?

	$_SESSION['usrname'] = $row_rs_user['username'];

session_register was removed in PHP 5.4;
the second line is the method to add things to the session superglobal array.

So by using just the code above after a user have logged in, I can keep that username with me on all other pages until they logout?

As long as you reference it properly ($_SESSION rather than $SESSION) [EDIT: That… looks like a discourse-eating-your-underscores-thing… odd], yes. A declarative statement into the session superglobal array registers that element for use in the entire session.

Yes. The underscore was removed when writing the reply.

two underscores make up the “this is italics” section. you’d need to put [inline] code tags (`) around it unless it’s inside a code block.

Ok. Now everything is working fine (at least what I can see). I just changed three lines of code in the login parts. Thanks a lot.