That code looks fine. Shouldn't have any problems with register_globals disabled.
The register_globals constant, when enabled, basically does exactly what this code does:
-
# The order of this may vary
-
extract($_REQUEST, EXTR_OVERWRITE);
-
extract($_SESSION, EXTR_OVERWRITE);
-
This basically takes all elements from those arrays and imports them into the global scope, making them available as regular variables rather than array elements.
For example:
-
# If register_globals is enabled this:
-
echo $_POST['myFormInput'];
-
-
# can also be accessed like this:
-
echo $myFormInput;
-
-
# They are one and the same thing
-
Which is a very bad thing, as PHP is creating extra variables in the global scope that have not been verified and may never even be used.
Not to mention that if an element in one of the super-global arrays has the same name as an element in one of the other super-globals, only one of them can be extracted as a variable, which can easily cause problems.
So, by disabling the register_global directive, PHP will no longer creating these extra variables in the global scope, which makes your code more secure as well as boosting performance.