467,912 Members | 1,671 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,912 developers. It's quick & easy.

turn register_globals off?

I just took over the website at work. I am still learning PHP.
Register_globals are on and the script appears to be coded to take
advantage of this. I know how to recode the script, but am unsure how
to turn them off when I am done. I have googled and came up with
placing

php_flag register_globals off

in the .htaccess file.

I did this without recoding the script and the script still worked, so
I am assuming I did not turn them off. Please help.
Thanks,

Peter

Oct 10 '05 #1
  • viewed: 2548
Share:
17 Replies
Run phpinfo() to see the settings for register_globals.
// script to display contents of phpinfo()
<?php
print(phpinfo());
?>

Oct 10 '05 #2
Yes, I did that and they are ON. When I try to turn them off in
..htaccess, they still show as being ON.

Thanks,

Peter

Oct 10 '05 #3
Well, this is what my .htaccess looks like (change the 4 to a 5, if you
have php5 )
<IfModule mod_php4.c>
php_value register_globals 0
</IfModule>

Oct 10 '05 #4
Ok, I'll give it a try tomorrow at work and see if I have any luck.
Thanks for your help, Kurt!

Peter

Oct 10 '05 #5
On 10 Oct 2005 14:17:46 -0700, "peter" <pl*****@yahoo.com> wrote:
I just took over the website at work. I am still learning PHP.
Register_globals are on and the script appears to be coded to take
advantage of this. I know how to recode the script, but am unsure how
to turn them off when I am done. I have googled and came up with
placing

php_flag register_globals off

in the .htaccess file.

I did this without recoding the script and the script still worked, so
I am assuming I did not turn them off. Please help.
Thanks,

Peter


If you turn register_globals offyou may have to do a huge amount of
recoding your global variables - good luck.

In the php.ini file change the line from:

register_globals = On

to

register_globals = Off

My php.ini is in c:\php - but I am working with Windows.

Oct 11 '05 #6
My website is on a shared hosting setup, so I don't think I will be
able to access php.ini.
Thanks,

Peter

Oct 11 '05 #7
peter wrote:
My website is on a shared hosting setup, so I don't think I will be
able to access php.ini.
Thanks,

Peter


Change hosts. I would *never* host with someone running with
register_globals on.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 11 '05 #8
peter wrote:
My website is on a shared hosting setup, so I don't think I will be
able to access php.ini.


http://in2.php.net/faq.misc#faq.misc.registerglobals

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Oct 11 '05 #9
Hey Rajesh, thanks! I'll try that emulation tomorrow. Nothing else
has worked for me so far. I will consider your advice, Jerry, too.
Thanks!

Peter

Oct 11 '05 #10

"peter" <pl*****@yahoo.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
I just took over the website at work. I am still learning PHP.
Register_globals are on and the script appears to be coded to take
advantage of this. I know how to recode the script, but am unsure how
to turn them off when I am done. I have googled and came up with
placing

php_flag register_globals off

in the .htaccess file.

The correct syntax is:

php_value register_globals 0

This will only work if your web host has actually configured Apache to look
in .htaccess files.

--
Tony Marston

http://www.tonymarston.net

Oct 16 '05 #11
Thanks for the proper syntax, Tony. I'm having a hard time getting an
answer out of my hosting company. Is there any reason the hosting
company would object to configuring apache to look in the .htacess
file?

Peter

Oct 16 '05 #12
Some web hosting companies offer a limited service simply because they do
not know any better. Amongst their "substandard" offerings are:
a) a version of PHP which is not the latest.
b) unwilling to include any of the optional PHP extensions.
c) PHP running in safe mode.
d) disallowing the option of htaccess files to change the Apache
configuration at account level.
e) Only one MySQL database.

These are things you should confirm with any hosting company before you sign
up with them. If your present hosting company is unwilling to offer a proper
service then I can only suggest you switch to another one.

--
Tony Marston
http://www.tonymarston.net
"peter" <pl*****@yahoo.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
Thanks for the proper syntax, Tony. I'm having a hard time getting an
answer out of my hosting company. Is there any reason the hosting
company would object to configuring apache to look in the .htacess
file?

Peter

Oct 16 '05 #13
"Tony Marston" wrote:
e) Only one MySQL database.


Why's that such a problem?

--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/
Oct 16 '05 #14
Ok, Tony, thanks for your help!

Peter

Oct 17 '05 #15
Philip Ronan wrote:
"Tony Marston" wrote:

e) Only one MySQL database.

Why's that such a problem?


Putting everything in one database just makes for a huge, unmaintainable
database. Administration of the database can be difficult, also.

Splitting unrelated information into different databases makes
everything easier to maintain and administrate.

For instance - on one of my sites, I'm running several databases. One
is for email - it handles email aliases, boxes, passwords, etc.
Everything the MTA (Exim in this case) needs.

Another database handles administrative functions for the website.
Access control (different people can access different areas of the
website) through the mod_auth_mysql authorization module.

A third database handles the CMS for the variable pages. A fourth one
handles the catalog and ordering.

Each of these databases operates independently from the other databases.
Nothing is common between them (well, maybe someone with an email box
can also have and administrative or CMS function).

This makes things much easier to maintain.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 17 '05 #16

"Philip Ronan" <in*****@invalid.invalid> wrote in message
news:BF78A093.39799%in*****@invalid.invalid...
"Tony Marston" wrote:
e) Only one MySQL database.


Why's that such a problem?

Because my application contains several unrelated projects, and I like to
keep each project's data in its own database. This makes backups and
restores a lot easier. Putting everything into a single database is
counter-intuitive for me.

--
Tony Marston
http://www.tonymarston.net
Oct 17 '05 #17
"Tony Marston" wrote:

"Philip Ronan" <in*****@invalid.invalid> wrote in message
news:BF78A093.39799%in*****@invalid.invalid...
"Tony Marston" wrote:
e) Only one MySQL database.
Why's that such a problem?

Because my application contains several unrelated projects, and I like to
keep each project's data in its own database. This makes backups and
restores a lot easier.


So the more databases you have, the easier it is to back them up...?

OK, if you're working with *lots* of data then maybe it would help to have
the facility to back applications up individually. But for a small website
on a budget host, I can't see the need, TBH.

Actually, on a shared host I think it's probably better to have
c) PHP running in safe mode.


because your server is only as secure as the lamest script running on it,
and you have no control over what everyone else is doing.
--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/
Oct 17 '05 #18

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Frank | last post: by
3 posts views Thread by Useko Netsumi | last post: by
2 posts views Thread by Phil Latio | last post: by
15 posts views Thread by news | last post: by
12 posts views Thread by aeldaly | last post: by
4 posts views Thread by Angelos Devletoglou | last post: by
5 posts views Thread by Samuel Shulman | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.