Learn more about register_globals

In-depth understanding of register_globals

register_globals is forcibly restricted in dedecms

Since the register_globals setting controls the PHP variable access range, if it is turned on, it will cause unnecessary security issues, so it is forcibly turned off here. If the webmaster's space does not support it, The following methods can be used to modify it for the reference of webmasters:

*If you are a stand-alone server user, you can modify php.ini in the php configuration file, change register_globals=On to register_globals=Off, and then restart Apache.

*If you are a virtual host user, notify the space provider as much as possible to let them modify the configuration, or you can try ini_set('register_globals',0).

*Create a new .htaccess file in the website directory and add Just go to php_flag register_globals off. If there is already an .htaccess file, just add it in a new line at the end;

*If it doesn't work, then the only way is to go directly to include/common.inc.php and add the following code Just delete it (not recommended).

//Opening register_globals will have many unsafe possibilities, so it is mandatory to close register_globalsif(ini_get('register_globals')){ exit('php.ini register_globals must is Off! '); } Starting from PHP4.2.0 version, the default value of register_globals setting option in php.ini changes Became off. So, it's best to start programming in Off's style now!
The value of register_globals can be set to: On or Off. Let’s give a piece of code to describe their differences respectively.

Code:

. The code is as follows:

When register_globals=Off, the next program should use $_GET['user_name'] and $_GET['user_pass'] to accept the passed value when receiving. (Note: When the method attribute of

is post, you should use $_POST['user_name'] and $_POST['user_pass'])

When register_globals=On, the next program can directly use $user_name and $user_pass to accept the value.

As the name suggests, register_globals means to register as a global variable, so when it is On, the passed value will be directly registered as a global variable and used directly, and when it is Off, we need to get it in a specific array. Therefore, friends who encounter the above problems of not being able to get the value should first check whether your register_globals setting matches your method of obtaining the value. (To check, you can use the phpinfo() function or check php.ini directly) Let’s see what’s wrong here?

Look at the following PHP script, which is used to authorize access to a web page when the entered username and password are correct:

. The code is as follows:

// Check the username and Password
if ($username == 'kevin' and $password == 'secret')
$authorized = true;
?>

Please enter your username and password:

Username:

Password:

The problem with the above code is that you can easily gain access without providing the correct username and password. Just add ?authorized=1 at the end of your browser's address bar. Because PHP automatically creates a variable for every submitted value -- whether from a form submission, a URL query string, or a cookie -- this will set $authorized to 1, so an unauthorized user can Security restrictions can be exceeded.

register_globals=off Solution to the problem that the website cannot be opened

register_globals is a configuration in php.ini. This configuration affects how php receives the passed parameters. As the name suggests, register_globals means to register as a global variable, so when On When, the passed value will be directly registered as a global variable for direct use, and when Off, we need to get it in a specific array. Therefore, friends who encounter the above problems of not being able to get the value should first check whether your register_globals setting matches your method of obtaining the value. (To check, you can use the phpinfo() function or directly check php.ini)

register_globals=off is mainly for security reasons. At the same time, most programs require that the value be set to off. What should I do with a large number of scripts written in the On style before? ? If your previous scripts were planned well and there is a public include file, such as a config.inc.php file, add the following code to this file to simulate it (this code is not guaranteed to solve your problem 100%, Because I haven't tested it extensively, but I think it works well).


Code:

. The code is as follows:

if ( !ini_get("register_globals") )
{
extract($_POST);
extract($_GET);
extract($ _SERVER);
extract($_FILES);
extract($_ENV);
extract($_COOKIE);

if ( isset($_SESSION) )
{
extract($_SESSION);
}
}
?> ;

php Undefined index and Undefined variable solution

$act=$_POST['act'];

Using the above code always prompts
Notice: Undefined index: act in F:windsflybookpost.php on line 18

In addition, sometimes

quote content
Notice: Undefined variable: Submit...

and other such prompts

Cause: caused by undefined variables

Solution:
1) error_reporting setting:
Find error_reporting = E_ALL
Modify to error_reporting = E_ALL & ~E_NOTICE

2) Register_globals setting:
Find register_globals = Off
Modify to register_globals = On

Notice: Undefined variable: email in D:PHP5ENOTEADDNOTE. PHP on line 9
Notice: Undefined variable: subject in D:PHP5ENOTEADDNOTE.PHP on line 9
Notice: Undefined variable: comment in D:PHP5ENOTEADDNOTE.PHP on line 9
... Variables need to be defined, but what should we do if this happens?
Just find php.ini in C: WINDOWS
In line 302 of php.ini error_reporting = E_ALL
Change it to
error_reporting = E_ALL & ~E_NOTICE Just restart apache2.2
Solution: Modify php.ini
Change: error_reporting = E_ALL
to: error_reporting = E_ALL & ~E_NOTICE
If you don’t want any errors to be displayed, just modify:
display_errors = Off
If you don’t have To modify the permissions of php.ini, you can add ini_set("error_reporting", "E_ALL & ~E_NOTICE"); to the php header. That's it

The above is the in-depth understanding of register_globals. For more related articles, please pay attention to the PHP Chinese website (www.php.cn)!