473,324 Members | 2,268 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

register_globals ON ? / OFF ?

Whats best :

register_globals ON ?

OR

register_globals OFF ?

I currently use:
$_POST
$_GET
$_REQUEST

Does On or Off make any major difference ?

Thanks
Jul 16 '05 #1
4 12375

"Nel" <ne***@ne14.co.NOSPAMuk> wrote in message
news:PF*********************@stones.force9.net...
<Frank @ MyPlace.Com (Frank)> wrote in message
news:3f****************@news.btclick.com...
Whats best :

register_globals ON ?

OR

register_globals OFF ?

I currently use:
$_POST
$_GET
$_REQUEST

Does On or Off make any major difference ?

Thanks


If you program with register_globals OFF you only need to make sure you
don't leave any uninitialised variables that can be abused by hackers.

Whether it's on or off you will still need to validate any user input, so I
perfer register_globals OFF, as it saves having to prefix all my variables
with $_POST etc.

If, on the other hand, you are worried that you may forget to initialise
your variables, then go for register_globals ON.

Nel

or vice versa ? I think you mean on when you said off, off when you said on.

Jul 16 '05 #2
Nel wrote:

Whether it's on or off you will still need to validate any user input, so
I perfer register_globals OFF, as it saves having to prefix all my
variables with $_POST etc.

If, on the other hand, you are worried that you may forget to initialise
your variables, then go for register_globals ON.


You mean the other way around here (on -> off, off -> on), but you shoudl
really use $_POST/GET/REQUEST (REQUEST is my preference) anyway, as your
projects increase in size you will quickly end up in a situation where it's
not clear wether a variable, $foononny you are using (and wrote 2 months
ago) is from a get/post or a locally generated (global) variable - using
$_GET/POST/REQUEST makes it perfectly clear.

--
James Sleeman
Gogo:Code, http://www.gogo.co.nz/
PHP & Coldfusion Programming Services
Email domain : gogo.co.nz see user in from header!
Jul 16 '05 #3
James Sleeman wrote:
Nel wrote:

Whether it's on or off you will still need to validate any user
input, so I perfer register_globals OFF, as it saves having to
prefix all my variables with $_POST etc.

If, on the other hand, you are worried that you may forget to
initialise your variables, then go for register_globals ON.


You mean the other way around here (on -> off, off -> on), but you
shoudl really use $_POST/GET/REQUEST (REQUEST is my preference)
anyway, as your projects increase in size you will quickly end up in
a situation where it's not clear wether a variable, $foononny you are
using (and wrote 2 months ago) is from a get/post or a locally
generated (global) variable - using $_GET/POST/REQUEST makes it
perfectly clear.


Why would you use $_REQUEST if you had control over the form generating the
request? Using $_REQUEST means that there are twice the number of checks for
PHP to do when parsing the data (it has to see whether the key exists in the
post data and in the get data) and it makes it easier for people to screw
around with input...
Jul 16 '05 #4
Nel
Whoops! The sinility must really be kicking in! ;-)
Thanks. Nel
"James Sleeman" <ja***@seeMessageForDomain.moc> wrote in message
news:Yz*******************@news02.tsnz.net...
Nel wrote:

Whether it's on or off you will still need to validate any user input, so I perfer register_globals OFF, as it saves having to prefix all my
variables with $_POST etc.

If, on the other hand, you are worried that you may forget to initialise
your variables, then go for register_globals ON.
You mean the other way around here (on -> off, off -> on), but you shoudl
really use $_POST/GET/REQUEST (REQUEST is my preference) anyway, as your
projects increase in size you will quickly end up in a situation where

it's not clear wether a variable, $foononny you are using (and wrote 2 months
ago) is from a get/post or a locally generated (global) variable - using
$_GET/POST/REQUEST makes it perfectly clear.

--
James Sleeman
Gogo:Code, http://www.gogo.co.nz/
PHP & Coldfusion Programming Services
Email domain : gogo.co.nz see user in from header!

Jul 16 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: John | last post by:
Hello. I am a newbie to PHP. I am over halfway through my first book that I'm learning with and have just created login pages etc. I just wondered, if I am running php/mysql/apache locally,...
6
by: wonder | last post by:
Hi, The CRM application said that need to add an option "REGISTER_GLOBALS=On" to the php.ini file, so I did what it told. But I still can't get rid off the following error: The PHP variable...
8
by: lian | last post by:
Hi all, I have installed a web-based software written in php which needs that i should turn "register_globals" from off to on in the php.ini. There are some comments for register_globals in...
2
by: Phil Latio | last post by:
I am newish to PHP and wish to create an authentication system where a new user is required to validate/complete their sign-up by clicking a link in an email. I am probably capable of putting...
15
by: news | last post by:
You'd think it'd be easier to find the answer to this question. Did a search, and all I can find is people asking why something's not working and people replying it's because register_globals is...
6
by: peter | last post by:
Hi. I am just learning PHP. I'm taking over the website at work, which is coded in PHP. I am wondering about register_globals. They are on on the server we use. Is that a threat? I understand...
17
by: peter | last post by:
I just took over the website at work. I am still learning PHP. Register_globals are on and the script appears to be coded to take advantage of this. I know how to recode the script, but am unsure...
5
by: Samuel Shulman | last post by:
I keep getting the 'FATAL ERROR: register_globals is disabled in php.ini, please enable it!' error I changes that settings and I still get this error What should I do next? Thank you,...
12
by: Dave | last post by:
In PHP 4.4, what is the most secure server configuration while keeping REGISTER_GLOBALS on?
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.