register_globals The difference between register_globals parameter OFF and ON in PHP (detailed explanation of register_globals usage)

The value of register_globals can be set to: On or Off. Let’s give a piece of code to describe their differences respectively.
Code:

Copy code The code is as follows:

< ;input type="password" name="user_pass">

When register_globals=Off, the next program receives You should use $_GET['user_name'] and $_GET['user_pass'] to accept the passed value. (Note: When the method attribute of

is post, you should use $_POST['user_name'] and $_POST['user_pass'])
When register_globals=On, the next program can directly use $user_name and $user_pass to accept the value.
As the name suggests, register_globals means to register as a global variable, so when it is On, the passed value will be directly registered as a global variable and used directly, and when it is Off, we need to get it in a specific array. Therefore, friends who encounter the above problems of not being able to get the value should first check whether your register_globals setting matches your method of obtaining the value. (To view, you can use the phpinfo() function or directly view php.ini)
Then why do we use Off? There are 2 reasons:
1. New versions of PHP will use Off by default. Although you can set it to On, when you cannot control the server, the compatibility of your code becomes a big problem, so you should So start programming in the Off style from now on
2. Here are two articles explaining why you should use Off instead of On
http://www.php.net/manual/en/security.registerglobals.php
There are still One question is, what to do with the large number of scripts written in the On style before?
If your previous script was planned well and there is a public include file, such as config.inc.php, add the following code to this file to simulate it.
Code:

Copy code The code is as follows:

if ( !ini_get('register_globals') )
{
extract($_POST);
extract($_GET);
extract ($_SERVER);
extract($_FILES);
extract($_ENV);
extract($_COOKIE);
if ( isset($_SESSION) )
{
extract($_SESSION);
}
}
? >

register_globals = Off not only affects how to obtain the data passed from and url, but also affects session and cookie. Correspondingly, the way to obtain session and cookie should be: $_SESSION[ ], $_COOKIE. At the same time, there are some changes in session processing. For example, session_register() is unnecessary and invalid. For specific changes, please check the Session handling functions in the php manual. The content in the middle of $_REQUEST actually comes from $_GET $_POST $_COOKIE. The disadvantage is that it is impossible to determine whether the variable comes from get post or cookie, which is not suitable for occasions with strict requirements.
The above introduces the difference between register_globals parameter OFF and ON in register_globals PHP (detailed explanation of register_globals usage), including the content of register_globals. I hope it will be helpful to friends who are interested in PHP tutorials.