say you have domain.com/index.php in index.php you write: echo $gettest; then open domain.com/index.php?gettest=set in your browser. if 'set' is printed, globals is on. if it's not, globals is off. You don't need globals to be on, bad scripting could result in security breaches. Instead, I use 1 file called vars.php which is included in every other PHP script. I put a $values = array ('item1','item2','item3'); in it, followed by a foreach ($_REQUEST as $key => $value){ if (in_array($key, $values)){ $$key = $value; } } what this basically does, for every GET or POST the page receives, it checks if it's in the array $values, and if it it, $_POST['item1'] will be converted to $item1. So you create your own little bit more secure global system ;) also, for every string you insert into a mysql database, you should mysql_real_escape_string(); so: $sqlquery = "INSERT INTO Customer (CUS_NAME, CUS_IC, CUS_COMPANY, CUS_COMPANY_ADDRESS, CUS_COMPANY_PHONE, CUS_HOME_ADDRESS, CUS_HOUSE_PHONE, CUS_HP,CUS_EMAIL) VALUES ('".mysql_real_escape_string($_REQUEST['name'])."','$ic','$company','$caddress','$cphone','$haddress','$hphone','$hp','$email')";