The dangers of setting PHP security register globals to TRUE_PHP tutorial

Question
About the dangers of setting register globals to TRUE
Solution
About the dangers of setting register globals to TRUE
Many people must have seen that setting register globals to on is very dangerous, but how dangerous it is? Many novices probably don’t know! So I will briefly talk about the dangers of setting register globals to on!
Take a look at the following code first:
There is the following code in the config.php file:

$GLOBALS[‘host’] = ‘localhost’;

$GLOBALS[‘username’] = ‘root’;

$GLOBALS[‘password’] = '';

$GLOBALS[‘database’] = ‘test’;

?>


The copied code has the following code in db.php:

require_once 'config.php';

function db_connect() {

$db=mysql_connect($GLOBALS['host'], $GLOBALS['username'], $GLOBALS['password']);

mysql_select_db($GLOBALS['database'], $db);

return $db;

}

?>


Copy the code. Obviously, if you add the above code when register globals is set to on, see what the effect is:
Enter: http://********/index.php?GLOBALS=*** in the browser, then your above code will execute incorrectly! Because the data of $GLOBALS has been modified! When register globals is set to on, the form ?GLOBALS=*** will be converted into the form $GLOBALS = ***! ! So very dangerous.
Although it is not harmful in this example, in some places where the $GLOBALS global variable is needed, we should check whether register globals is set to on. You can use the following code to check (the code comes from wordpress): function wp_unregister_GLOBALS() {

if ( !ini_get('register_globals') )

return;



if ( isset($_REQUEST['GLOBALS']) )

die('GLOBALS overwrite attempt detected');



// Variables that shouldn't be unset

$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');



$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());

foreach ( $input as $k => $v )

if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) ) {

$GLOBALS[$k] = NULL;

unset($GLOBALS[$k]);

}

}


That’s it for copying the code!

[ ]


Reference answer
Okay, I love detailed articles like this!

http://www.bkjia.com/PHPjc/632604.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/632604.htmlTechArticleQuestion about the harm of register globals being set to TRUE Solution About the harm of register globals being set to TRUE Many people should have read this Setting register globals to on is very dangerous,...