unidox Posted June 8, 2008 Share Posted June 8, 2008 I am kinda confused. I dont know what it is used for. I looked on php.net, but I am still kinda confused. Whats the difference when its on and off, how does it effect the scipt. Thanks Quote Link to comment Share on other sites More sharing options...
DarkWater Posted June 8, 2008 Share Posted June 8, 2008 Register_globals is completely gone in PHP6, by the way. It's probably one of the worst things ever designed for PHP. Not gonna lie. Here's what it does: Let's say you had a form field called "name", and you sent it through POST. Now, you know that it would be in $_POST['name']. With register_globals, $name is INSTANTLY equal to that when you start the script. I guess they thought it would make life easier. Here's the issue: GET has a higher priority over POST when it comes to register_globals (at least, I think. I think it's GPC, like magicquotes) So, they could send in your form, but they could also change the action URL and add let's say...$password to the GET string, i.e: yourdomain.com/process.php?password=A_PASSWORD Now, $password has that value set in the script by default. It basically made your script insanely insecure. Quote Link to comment Share on other sites More sharing options...
.josh Posted June 8, 2008 Share Posted June 8, 2008 Very scary. Turn them off. Never use them. The end. Quote Link to comment Share on other sites More sharing options...
DarkWater Posted June 8, 2008 Share Posted June 8, 2008 Very scary. Turn them off. Never use them. The end. Win. Quote Link to comment Share on other sites More sharing options...
unidox Posted June 8, 2008 Author Share Posted June 8, 2008 Thanks guys, I have never used it while on. Just wanted to know what it was for. Pretty useless. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.