register_globals info

Question

Notuo 0 Newbie Poster

15 Years Ago

Hi.

I have a kind of old script for polls that I heavily modified it during years. The main code still there.

Today i realize that is using register_globals On (tested new changes in a local xampp installation).

Is there any good information regarding register_globals On|Off around to share?

I need to prepare this script to register_globals Off but I don't know where to start.

Any help is really appreciated.

Regards,

php

2 Contributors
2 Replies
90 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by Notuo

chrishea 182 Nearly a Posting Virtuoso

15 Years Ago

You can have a look at this link for a brief overview:
http://www.plus2net.com/php_tutorial/register-globals.php

You should also become familiar with the import_request_variables command. If you have a program that is dependent on a lot of variables passed from another program (Get or Post) or from the command line, this can be a fast way to get it working again under PHP 5 (without turning register_globals back on). Please note however; if you don't use the second parameter (prefix) then you basically re-introduce the same exposures that register_globals ON has. The better way is to only import the variables you need with $_POST but that may take some re-work for existing programs.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Notuo 0 Newbie Poster · Answer 1 · 2009-08-05T00:59:22+00:00

Hi and thanks Chris.

I read the article and tried also the import_request_variables. (didn't worked). I chase this to this point:

I found at least one variable that is passed along scripts: it's $login. Is set via a post in the Auth class from the "PHP Anthology" book 1st. Ed.

I use this variable some place else to identify the user logged in but I don't see how this variable is passed from the class to the other script. Is this what register_globals is about?

Basically the $login var is assigned:

$login=mysql_escape_string($_POST[USER_LOGIN_VAR]);

and in some point this is used as:

<?php echo "<p>Bienvenido(a) $login<br/><br />"; ?>

With register_globals On is working but with Off is not.

I am sure there are more variables just like this one, but I don't see how _GET or _POST are involved here. I dump those variables and get nothing:

Dump GET
array(0)
Dump POST
array(0)

Any idea?

Thanks in advance