you are here

Getting rid of register_globals

To turn off register_globals, it is strongly suggested to go down the line, trying to modify the php.ini file first, then the .htaccess file, and then if these preferred options do not work, switching to a different host or implementing a register_globals off emulator (see below).

Go into your php.ini file or create a local php.ini file and set the register_globals to off

Create a .htaccess file and add this code:
php__flag register_globals off

Add the following to the very top of your code, as in the very first thing before anything else:

// Unset all variables EXCEPT superglobals
$allowed_variables = array('_POST','_GET','_REQUEST','_FILES','_COOKIE','_SESSION','_SERVER','_ENV');
get_defined_vars() as $key=>$value) {
in_array($key,$allowed_variables) && $key != 'allowed_variables') { unset($$key); }


Note, this will unset all variables including $PHP_SELF, $HTTP_USER_AGENT, $HTTP_GET_VARS, etc… except for superglobals.    Requires PHP 4.0.4 or higher.

Share this Page:
Facebook Twitter Linkedin Reddit Tumblr Email

Leave a Reply

Your email address will not be published. Required fields are marked *