turn register_globals off?

Run phpinfo() to see the settings for register_globals.
// script to display contents of phpinfo()
<?php
print(phpinfo());
?>

Yes, I did that and they are ON. When I try to turn them off in
..htaccess, they still show as being ON.

Thanks,

Peter

Well, this is what my .htaccess looks like (change the 4 to a 5, if you
have php5 )
<IfModule mod_php4.c>
php_value register_globals 0
</IfModule>

Ok, I'll give it a try tomorrow at work and see if I have any luck.
Thanks for your help, Kurt!

Peter

On 10 Oct 2005 14:17:46 -0700, "peter" <pl*****@yahoo.com> wrote:

I just took over the website at work. I am still learning PHP.
Register_globals are on and the script appears to be coded to take
advantage of this. I know how to recode the script, but am unsure how
to turn them off when I am done. I have googled and came up with
placing

php_flag register_globals off

in the .htaccess file.

I did this without recoding the script and the script still worked, so
I am assuming I did not turn them off. Please help.
Thanks,

Peter

If you turn register_globals offyou may have to do a huge amount of
recoding your global variables - good luck.

In the php.ini file change the line from:

register_globals = On

to

register_globals = Off

My php.ini is in c:\php - but I am working with Windows.

My website is on a shared hosting setup, so I don't think I will be
able to access php.ini.
Thanks,

Peter

peter wrote:

My website is on a shared hosting setup, so I don't think I will be
able to access php.ini.
Thanks,

Peter

Change hosts. I would *never* host with someone running with
register_globals on.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

peter wrote:

My website is on a shared hosting setup, so I don't think I will be
able to access php.ini.

http://in2.php.net/faq.misc#faq.misc.registerglobals

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Hey Rajesh, thanks! I'll try that emulation tomorrow. Nothing else
has worked for me so far. I will consider your advice, Jerry, too.
Thanks!

Peter

"peter" <pl*****@yahoo.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...

I just took over the website at work. I am still learning PHP.
Register_globals are on and the script appears to be coded to take
advantage of this. I know how to recode the script, but am unsure how
to turn them off when I am done. I have googled and came up with
placing

php_flag register_globals off

in the .htaccess file.

The correct syntax is:

php_value register_globals 0

This will only work if your web host has actually configured Apache to look
in .htaccess files.

--
Tony Marston

http://www.tonymarston.net

Thanks for the proper syntax, Tony. I'm having a hard time getting an
answer out of my hosting company. Is there any reason the hosting
company would object to configuring apache to look in the .htacess
file?

Peter

Some web hosting companies offer a limited service simply because they do
not know any better. Amongst their "substandard" offerings are:
a) a version of PHP which is not the latest.
b) unwilling to include any of the optional PHP extensions.
c) PHP running in safe mode.
d) disallowing the option of htaccess files to change the Apache
configuration at account level.
e) Only one MySQL database.

These are things you should confirm with any hosting company before you sign
up with them. If your present hosting company is unwilling to offer a proper
service then I can only suggest you switch to another one.

--
Tony Marston
http://www.tonymarston.net
"peter" <pl*****@yahoo.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...

Thanks for the proper syntax, Tony. I'm having a hard time getting an
answer out of my hosting company. Is there any reason the hosting
company would object to configuring apache to look in the .htacess
file?

Peter

"Tony Marston" wrote:

e) Only one MySQL database.

Why's that such a problem?

--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/

Ok, Tony, thanks for your help!

Peter

Philip Ronan wrote:

"Tony Marston" wrote:

e) Only one MySQL database.

Why's that such a problem?

Putting everything in one database just makes for a huge, unmaintainable
database. Administration of the database can be difficult, also.

Splitting unrelated information into different databases makes
everything easier to maintain and administrate.

For instance - on one of my sites, I'm running several databases. One
is for email - it handles email aliases, boxes, passwords, etc.
Everything the MTA (Exim in this case) needs.

Another database handles administrative functions for the website.
Access control (different people can access different areas of the
website) through the mod_auth_mysql authorization module.

A third database handles the CMS for the variable pages. A fourth one
handles the catalog and ordering.

Each of these databases operates independently from the other databases.
Nothing is common between them (well, maybe someone with an email box
can also have and administrative or CMS function).

This makes things much easier to maintain.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

"Philip Ronan" <in*****@invalid.invalid> wrote in message
news:BF78A093.39799%in*****@invalid.invalid...

"Tony Marston" wrote:

e) Only one MySQL database.

Why's that such a problem?

Because my application contains several unrelated projects, and I like to
keep each project's data in its own database. This makes backups and
restores a lot easier. Putting everything into a single database is
counter-intuitive for me.

--
Tony Marston
http://www.tonymarston.net

"Tony Marston" wrote:

"Philip Ronan" <in*****@invalid.invalid> wrote in message
news:BF78A093.39799%in*****@invalid.invalid...

"Tony Marston" wrote:

e) Only one MySQL database.
Why's that such a problem?

Because my application contains several unrelated projects, and I like to
keep each project's data in its own database. This makes backups and
restores a lot easier.

So the more databases you have, the easier it is to back them up...?

OK, if you're working with *lots* of data then maybe it would help to have
the facility to back applications up individually. But for a small website
on a budget host, I can't see the need, TBH.

Actually, on a shared host I think it's probably better to have
c) PHP running in safe mode.

because your server is only as secure as the lamest script running on it,
and you have no control over what everyone else is doing.
--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/