PHP: How to use local variables with register_globals off
This tutorial explains how to use local variables with register_globals
turned off without $_GET and $_POST. It also shows how to check the
register_globals setting on a web server.
Common security problems
When register_globals = on is set on a web server, security
might be compromised, since the variables passed to the script can be
poisoned by malicious coders.
From this standpoint, turning on the register_globals PHP directive is
not recommended.
The Error: variables on PHP scripts are empty!
The most common error comes from badly coded scripts: variables in
PHP scripts are not being initialized and do not contain
any value. In other words, the variables are empty. The
script simply does not display any data during a query to a database
(MySQL database).
This error pops up when a site is transferred from a web host that
sets the parameter register_globals = on to a web host that has the
setting off.
Moreover, some scripts simply do not use the PHP commands $_GET['var'],
$_POST['var'] or the environment variables COOKIE, ENVIRONMENT and SERVER.
Solutions:
1. Use the function import_request_variables
Use the function import_request_variables, which imports GET/POST/Cookie
variables into the global scope, making them available to the script again.
This will import GET and POST vars; however, it is possible to overwrite
other data, namely GET, POST, COOKIE, ENVIRONMENT and SERVER. So it is
recommended to use a prefix so as not to overwrite any previously defined data.
Function import_request_variables with a prefix
This command will import GET and POST vars with a "myprefix_" prefix.
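An added example, not code from the original tutorial: one way to get the effect of a prefixed import without writing request data into the global scope (import_request_variables itself was removed in PHP 5.4). The helper name import_request_fields, the field names and the sample request are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the original tutorial. import_request_fields()
// is a hypothetical helper; the sample request below is constructed.

/**
 * Copy only the expected request fields into a local array, every key
 * carrying $prefix. Fields that were not asked for are never imported,
 * so request data cannot overwrite script variables or superglobals.
 * POST wins over GET when both carry the same field.
 */
function import_request_fields(array $allowed, string $prefix, array $get, array $post): array
{
    $out = [];
    foreach ($allowed as $name => $filter) {
        $raw = $post[$name] ?? $get[$name] ?? null;
        if ($raw === null || is_array($raw)) {
            $out[$prefix . $name] = null;      // missing or array-valued: treat as absent
            continue;
        }
        $value = filter_var($raw, $filter);
        $out[$prefix . $name] = ($value === false) ? null : $value;  // failed validation: absent
    }
    return $out;
}

// Constructed request. "authorized" and "_SERVER" stand for fields the
// script never asked for; a real script would pass $_GET and $_POST.
$sampleGet  = ['id' => '42', 'authorized' => '1', '_SERVER' => ['REMOTE_ADDR' => 'spoofed']];
$samplePost = ['name' => 'Alice'];

$authorized = false;   // security-relevant variables are always initialised by the script

$in = import_request_fields(
    ['id' => FILTER_VALIDATE_INT, 'name' => FILTER_UNSAFE_RAW],
    'myprefix_',
    $sampleGet,
    $samplePost
);

var_dump($in);          // dump the imported, prefixed fields
var_dump($authorized);  // the request has no path to this variable
```

The rest of a script would then read $in['myprefix_id'] and $in['myprefix_name'] instead of relying on global $id and $name.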
2. Turning on register_globals (not recommended because of the vulnerability
it creates)
register_globals is one of the core php.ini directives. It can be modified
by updating the php.ini file.
Anyway, where is the php.ini file?
To check the current value of the PHP directives and the path of the
current php.ini file, use the function phpinfo();
Create a file named phpinfo.php, or any name you like, using Notepad and
place it on the server. It will display the current settings of the PHP
environment. The file might contain the code below.
PHP.INI found, now what?
(Be sure to back up php.ini before making changes.)
Common path of a php.ini file with cPanel: /usr/local/Zend/etc/php.ini
First, access the server through SSH, or with the third-party software
putty.exe, using the root password.
To back up php.ini you can use the Unix command cp.
To enable or disable register_globals, locate the directive inside
the php.ini file using the editor vi: vi /usr/local/Zend/etc/php.ini
Credits
This tutorial was created by Sergio Vargas.