In-depth understanding of register_globals (with register_globals=off solution to the problem that the website cannot be opened)_PHP tutorial

In-depth understanding of register_globals

register_globals is forcibly restricted in dedecms

Since the register_globals setting controls the access scope of PHP variables, if it is turned on, it will cause unnecessary security issues, so it is forcibly turned off here. If The webmaster's space does not support it. You can use the following methods to modify it for your reference:

* If you are a standalone server user, you can modify php.ini in the php configuration file and set register_globals=On Change register_globals=Off, and then restart Apache.

* If you are a virtual host user, notify the space provider as much as possible to let them modify the configuration, or you can try ini_set('register_globals',0).

* Create a new .htaccess file in the website directory and add php_flag register_globals off. If you already have a .htaccess file, just add it in a new line at the end;

* If it doesn't work, the only last resort is to go directly to include/common.inc.php and delete the following code (not recommended).

//Enabling register_globals has many unsafe possibilities, so Force register_globals to be turned off if(ini_get('register_globals')){ exit('php.ini register_globals must be Off! '); } Starting from PHP4.2.0 version, the default value of register_globals setting option in php.ini becomes off. So, it's best to start programming in Off's style now!
The value of register_globals can be set to: On or Off. Let’s give a piece of code to describe their differences respectively.

Code:

Copy code The code is as follows:

when register_globals= When Off, the next program should use $_GET['user_name'] and $_GET['user_pass'] to accept the passed value. (Note: When the method attribute of

is post, you should use $_POST['user_name'] and $_POST['user_pass'])

When register_globals=On, the next program can Use $user_name and $user_pass directly to accept values.

As the name suggests, register_globals means to register as a global variable, so when it is On, the passed value will be directly registered as a global variable and used directly, and when it is Off, we need to go to a specific array Go get it. Therefore, friends who encounter the above problems of not being able to get the value should first check whether your register_globals setting matches your method of obtaining the value. (To check, you can use the phpinfo() function or check php.ini directly) Let’s see what’s wrong here?

Look at the following PHP script, which is used to authorize access to a web page when the entered username and password are correct:

Copy code The code is as follows:

// Check username and password
if ($username == 'kevin' and $password == 'secret')
$authorized = true;
?>

The problem with the above code is that you can easily gain access without providing the correct username and password. Just add ?authorized=1 at the end of your browser's address bar. Because PHP automatically creates a variable for every submitted value -- whether from a form submission, a URL query string, or a cookie -- this will set $authorized to 1, so an unauthorized user can Security restrictions can be exceeded.

register_globals=off Solution to the problem that the website cannot be opened

register_globals is a configuration in php.ini. This configuration affects how php receives the passed parameters. As the name suggests, register_globals means to register as a global variable, so when it is On, the passed value will be directly registered as a global variable and used directly, and when it is Off, we need to go to a specific array to get it. Therefore, friends who encounter the above problems of not being able to get the value should first check whether your register_globals setting matches your method of obtaining the value. (To view, you can use the phpinfo() function or directly view php.ini)

register_globals=off is mainly for security reasons. At the same time, most programs require that the value be set to off. It was previously written in the On style. What to do with a large number of scripts? If your previous scripts were planned well and there is a public include file, such as a config.inc.php file, add the following code to this file to simulate it (this code is not guaranteed to solve your problem 100%, Because I haven't tested it extensively, but I think it works well).


Code:

Copy code The code is as follows:

if ( !ini_get("register_globals") )
{
extract($_POST);
extract($_GET);
extract($_SERVER);
extract($_FILES);
extract($_ENV);
extract($_COOKIE);

if ( isset($_SESSION) )
{
extract($_SESSION);
}
}
?>

Solution to php Undefined index and Undefined variable

$act=$_POST['act '];

Using the above code always prompts
Notice: Undefined index: act in F:windsflybookpost.php on line 18

In addition, sometimes

Quote content
Notice: Undefined variable: Submit...

etc. Some such tips

Cause: Caused by undefined variable

Solution Method:
1) error_reporting setting:
Find error_reporting = E_ALL
Modify to error_reporting = E_ALL & ~E_NOTICE

2) Register_globals setting:
Find register_globals = Off
Modify For register_globals = On

Notice: Undefined variable: email in D:PHP5ENOTEADDNOTE.PHP on line 9
　Notice: Undefined variable: subject in D:PHP5ENOTEADDNOTE.PHP on line 9
: comment in D:PHP5ENOTEADDNOTE.PHP on line 9
.....
Originally, php does not need to define variables, but what should I do if this happens?
As long as it is in C :WINDOWS Find the
of php.ini; In line 302 of php.ini, error_reporting = E_ALL
; Modify it to
; error_reporting = E_ALL & ~E_NOTICE and then restart apache2.2
; Solution: Modify php.ini
Change: error_reporting = E_ALL
to: error_reporting = E_ALL & ~E_NOTICE
If you don’t want any errors to be displayed, directly modify:
display_errors = Off
If you don’t have php To modify the permissions of .ini, you can add
ini_set("error_reporting", "E_ALL & ~E_NOTICE");
in the php header.

http://www.bkjia.com/PHPjc/325524.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/325524.htmlTechArticleIn-depth understanding of register_globals dedecms has forced restrictions on register_globals. Since the register_globals setting controls the PHP variable access range, if it is turned on, it will cause unnecessary security issues, so this...