How to bypass Register_Globals in php

Post by Neo » Mon Mar 01, 2010 12:54 am

Register_globals is an option in PHP that automatically turns special variables (GET, POST, COOKIE, etc.) into global variables. For example, $_GET['id'] becomes $id and this can pose a problem if you already use $id as an internal variable. This option is deprecated and defaults to off in current PHP versions, but may still be enabled on some servers.

If you want to be sure your script works with or without register_globals, here is a snippet that you can add to the beginning of your script:

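Code:

if (ini_get('register_globals')) {
   // $_SESSION does not exist before session_start(), so fall back to an empty array
   $session = isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array();
   $globals = array_merge($_REQUEST, $_COOKIE, $session, $_SERVER, $_ENV);
   // Never unset the superglobals themselves if a request key uses one of their names
   $keep = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', '_SESSION');
   foreach (array_keys($globals) as $var) {
      if (!in_array((string) $var, $keep)) {
         unset(${$var});
      }
   }
}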
This will unset all variables that match the name in those superglobals, negating register_globals. This should work on PHP version 4.1.0+.
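
The $id collision and the cleanup described above, as an added example that is not part of the original post. It emulates register_globals with a plain array so it runs on PHP versions where the option no longer exists (it was removed in PHP 5.4.0); the helper names and the query string are constructed for illustration.

```php
<?php
// Constructed query string, standing in for a request such as ?id=7&page=2.
parse_str('id=7&page=2', $get);

// Hypothetical helper: copies each request key into a variable table, which is
// what register_globals did to the global scope before the script started.
function emulate_register_globals(array $input)
{
    $scope = array();
    foreach ($input as $name => $value) {
        $scope[$name] = $value;
    }
    return $scope;
}

// Hypothetical helper: the cleanup from the post, applied to that table.
function strip_request_names(array $scope, array $input)
{
    foreach (array_keys($input) as $name) {
        unset($scope[$name]);
    }
    return $scope;
}

// Script logic that assumes $id does not exist until the script assigns it.
function describe(array $scope)
{
    return isset($scope['id']) ? 'id preset to ' . $scope['id'] : 'id not set';
}

$scope = emulate_register_globals($get);
echo 'before cleanup: ', describe($scope), "\n";

$scope = strip_request_names($scope, $get);
echo 'after cleanup:  ', describe($scope), "\n";

// The request value is still available, read explicitly and validated.
$id = isset($get['id']) && ctype_digit($get['id']) ? (int) $get['id'] : null;
echo 'explicit read:  ', var_export($id, true), "\n";
```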