Community wiki

How to deal with register_globals Off

Just a few quick notes from me (RalfBecker):

  • only use the following superglobals:
    • $_GET variables used in the url
    • $_POST variables used in forms with method="post"
    • $_COOKIE cookie variables
    • $_SERVER server settings like $_SERVER['PHP_SELF'] or $_SERVER['HTTP_HOST']
  • phpinfo() gives a nice list of available $_SERVER vars (beware, some of them are webserver specific!)
  • don't assume any variables get auto-registered, e.g. after the url /index.php?test=1 you can't use just $test, use $_GET['test']
  • don't use any of the old forms to access these vars, like:
    • $test does not work, not even in global scope (not in a function or class)
    • $GLOBALS['test'] only gives you access to the global scope, e.g. from within a function or class; if the vars are not registered it does NOT help
    • $HTTP_{GET|POST|SERVER|COOKIE}_VARS: they work with register_globals off, but they are deprecated and you can configure PHP in the php.ini not to
    • $GLOBALS['HTTP_{GET|POST|SERVER|COOKIE}_VARS']: same as for the above
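
The rules above in one script, as an added example that is not part of the original wiki notes. The helper request_value() is hypothetical, and the request data is constructed so the script also runs from the command line.

```php
<?php
// Constructed sample request, equivalent to /index.php?test=1
// sent with a cookie "lang=en" and no form data.
$_GET    = ['test' => '1'];
$_POST   = [];
$_COOKIE = ['lang' => 'en'];

/**
 * Hypothetical helper: return $name from the first listed superglobal
 * that contains it. The caller names the sources explicitly, so a cookie
 * or URL parameter cannot silently stand in for a POST field.
 */
function request_value(string $name, array $sources = ['POST', 'GET'], $default = null)
{
    // Superglobals are visible inside functions without a "global" statement.
    $map = ['GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE, 'SERVER' => $_SERVER];
    foreach ($sources as $source) {
        if (isset($map[$source][$name])) {
            return $map[$source][$name];
        }
    }
    return $default;
}

// With register_globals Off the URL parameter does not create $test.
echo 'auto-registered $test exists: ', var_export(isset($test), true), "\n";

// Read the value from $_GET and validate its type before using it.
$test = filter_var(request_value('test', ['GET']), FILTER_VALIDATE_INT);
echo 'test from $_GET: ', var_export($test, true), "\n";

// A name that is only a cookie is not returned when only POST/GET are allowed.
echo 'lang via POST/GET: ', var_export(request_value('lang'), true), "\n";
echo 'lang via COOKIE: ', var_export(request_value('lang', ['COOKIE']), true), "\n";

// $_SERVER values such as PHP_SELF are derived from the request,
// so escape them when they are written into HTML.
$self = htmlspecialchars(request_value('PHP_SELF', ['SERVER'], ''), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="', $self, '">', "\n";
```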
