How to Disable PHP Register Globals
The register_globals setting in PHP allows users to automatically create variables on the server by passing information to it through the URL string. This form of implicit design makes it easy for programmers to send form data and automatically act upon it without explicitly retrieving it from the URL request. With the register_globals setting enabled, a user can send a request such as contact.php?name=myname&phone=5555555 to the script and the variable "name" and "phone" will automatically be created with the data "myname" and "5555555." Though convenient, this opens the system to security flaws and poor programming practices, especially when a user overrides the name of a variable already in use by the application. This setting can be disabled from your PHP configuration.
Other People Are Reading
Instructions
-
-
1
Open the "Start" menu on the server computer running PHP.
-
2
Type "notepad" (without quotes) in the Search bar and click "Notepad" from the list of results.
-
-
3
Click "File," then select "Open."
-
4
Type "%windir%\php.ini" (without quotes) in the "File name" field. This is the default location of the PHP configuration file on Windows systems. If you changed this, type the path to your php.ini file instead.
-
5
Press "Ctrl" and "F" on your keyboard to open a "Find" screen.
-
6
Type "register_globals" without quotation marks and press "Enter."
-
7
Change "register_globals = 1" to "register_globals = 0" to deactivate the setting.
-
8
Click "File" and select "Save."
-
9
Restart your web server to reload your PHP changes.
-
1
