I have a kind of old script for polls that I heavily modified it during years. The main code still there.

Today i realize that is using register_globals On (tested new changes in a local xampp installation).

Is there any good information regarding register_globals On|Off around to share?

I need to prepare this script to register_globals Off but I don't know where to start.

Any help is really appreciated.


You can have a look at this link for a brief overview:

You should also become familiar with the import_request_variables command. If you have a program that is dependent on a lot of variables passed from another program (Get or Post) or from the command line, this can be a fast way to get it working again under PHP 5 (without turning register_globals back on). Please note however; if you don't use the second parameter (prefix) then you basically re-introduce the same exposures that register_globals ON has. The better way is to only import the variables you need with $_POST but that may take some re-work for existing programs.

Hi and thanks Chris.

I read the article and tried also the import_request_variables. (didn't worked). I chase this to this point:

I found at least one variable that is passed along scripts: it's $login. Is set via a post in the Auth class from the "PHP Anthology" book 1st. Ed.

I use this variable some place else to identify the user logged in but I don't see how this variable is passed from the class to the other script. Is this what register_globals is about?

Basically the $login var is assigned:


and in some point this is used as:

<?php echo "<p>Bienvenido(a) $login<br/><br />"; ?>

With register_globals On is working but with Off is not.

I am sure there are more variables just like this one, but I don't see how _GET or _POST are involved here. I dump those variables and get nothing:

Dump GET

Any idea?

Thanks in advance