I know that "register_globals = on" is not secure. But one program requires to use register_globals=on.
I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts.
So I want to keep PHP register_globals=on in php.ini, but in local files set to off?
How I can do this?
[man]ini_set[/man]
ini_set("register_globals","Off");
This doesn't work.
Try ini_set('register_globals', '1');
According to the ini_set function documentation, it is not possible to alter the value of register_globals on runtime.
EDIT: If you have register_globals = on in the php.ini, you can always use the superglobals arrays to access data: use $GET where you expect data to be input via the URL and use $POST where you expect data to be input via a form using method POST. That way, if you ever change the php.ini setting, you are already using the correct way to access the values input.
Hrmm.....they should take that out of the table of available options then....
Well, it suggests using .htaccess, which is possible. You could also just [man]extract[/man] the arrays at the top of the page..
Originally posted by LordShryku
Hrmm.....they should take that out of the table of available options then....
Well, it suggests using .htaccess, which is possible. You could also just [man]extract[/man] the arrays at the top of the page..
How this can be done through "extract"?
It's around the middle of the page. Search for 'register_globals'. The last column on the row reads 'PHP_INI_PERDIR' and the definition for it can be found below the Configuration Options table.
I edited my earlier post, so you may want to read the edited part.
Yes, the .htaccess file could help. I've not tried it so can't help you with it.
extract($_SERVER);
extract($_SESSION);
extract($_COOKIE);
extract($_POST);
extract($_GET);Read the manual page for it though. There are other arguments that can be passed to it to dictate how it should act if it collides with another variable.