register_globals

php4me

i have purchased a stats script which was developed at least 4-5 years ago. I have been told it uses register_globals with it. I know after reading a few threads and so on that it is a bad thing as it can be hacked easily or something to those regards.

I am not sure where exactly in the scripts it is looking for it, but when I do find how to I remove so the script still functions.

NogDog

Simply using register_globals does not necessarily make a script easier to hack, but if it is used in conjunction with some poor coding techniques (basically, using unintialized variables), then it can be a problem.

If you need to use such a script in an environment where register_globals is turned off (which is the default now), the quick fix is to run the [man]import_request_variables/man function before any reference is made to such variables. This will potentially have the same problems as would having register_globals turned on. The real fix therefore is to change all references to get, post, cookie, and session variables to their applicable super-global arrays ($GET, $POST, $COOKIE, and $SESSION) and ensure that register_globals is turned off in your PHP configuration.