Globals

MBK

How do you switch globals on and off?
What does this do, how can I see what I currently have set?

mrmufin

Keep this morsel handy. It displays the entire PHP environment. Somewhere in there is a line called 'register_globals':

<?php phpinfo(); ?>

intenz

You can turn it on/off in your php.ini config.

Read about it here:
http://www.php.net/manual/en/language.variables.predefined.php

edwardsbc

What Register_Globals does: Register globals automatically takes variable values coming into the php script and "registers" them in the global environment. These inputs include get, post, and cookie values (environment values too?)

Example:

you click this url www.my.com/file.php?myvar=Craig&yourvar=Joe

In FILE.PHP (Register Globals on):

echo $myvar.' and '.$yourvar;

In FILE.PHP (Register Globals off):

$myvar=$GET['myvar'];
$yourvar=$GET['yourvar'];
echo $myvar.' and '.$yourvar;

Both of these will work. Registering Globals is considered a security risk because an evil user could conceivably overide your intended variable values by sending say a GET when you wanted a PUT or COOKIE. In general, you should only accept the type of input you expected (GET or PUT or COOKIE). This is why the current versions of PHP have Register_Globals off by default.