There are no security holes in php, haha. Pay attention_PHP tutorial

If register_globals = On in your php.ini, all post, get, cookie, and session variables with the same name will be mixed together.
You can use $HTTP_*_VARS["username"] to determine which variable you want. .
But even if they have the same name, variables_order = "GPCS" in php.ini will be judged according to the priority level. A lower-level value cannot override a higher-level value
So, if you use session_register(" from the beginning username") is wise, you can also use session_is_registered to determine whether the variable has been registered.
This is an example:
if (!session_is_registered("username")) {
$user_name= "";
Session_register("username");
}
At the same time, ensure that in your php.ini, variables_order = "GPCS" (default) S means that session should be placed last and take priority.
register_globals = On Some waste system resources and are turned off in the optimization configuration, which also avoids so-called loopholes.
Because I have encountered this problem before, I would like to give it a reference.

http://www.bkjia.com/PHPjc/629805.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629805.htmlTechArticleIf register_globals = On in your php.ini, all post, get, cookie, session variables with the same name will To mix it all together, you can use $HTTP_*_VARS[username] to determine which variable you want. But...