Variable Naming Conventions

La_Parka

I have a dozen or so variables stored in a 'common.php' file that all pages of my site use, and want to be consistent with naming conventions.

example:

$website['title'] = "My Site";
$website['url'] = "http://www.mysite.com";
$website['dbhost'] = "127.0.0.1";
$website['dbusername'] = "root";
$website['dbpassword'] = "password";

I know Register_Globals has been associated with security concerns. Would these be considered global variables?

Would variable names such as these ($array['1'] style?) make my site any more vulnerable than conventional names would?

drew010

you are fine doing that. its quite common actually.

register globals actually has to do with automatically naming certain variables from a form like $POST['varname'] to $varname or $COOKIE['mycookie'] to $mycookie etc..

the threat to that is something like this...

if ($authorized) {
  //sensitive area
}

this way a person knowing the code could do.
script.php?authorized=1
now since register globals is on, $_GET['authorized'] will automatically be converted to $authorized, hence that statement evaluates true and the secure content is shown.

with register globals off, $_GET['authorized'] and $authorized in the script are two completely different variables and the problem doesnt arise.