info/php-the-right-way
1
0
Fork 0
mirror of https://github.com/codeguy/php-the-right-way.git synced 2025-08-14 01:33:58 +02:00
Code Issues Projects Releases Wiki Activity

Update 10-06-01-Register-Globals.md

Browse Source
This commit is contained in:
Przemysław Głębocki
2019-09-30 22:02:24 +02:00
committed by GitHub
parent 3ebe678af0
commit f10f09a279
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
_posts/10-06-01-Register-Globals.md
View File

@@ -8,11 +8,12 @@ anchor: register_globals
**NOTE:** As of PHP 5.4.0 the `register_globals` setting has been removed and can no longer be used. This is only
included as a warning for anyone in the process of upgrading a legacy application.
When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from
When enabled, the `register_globals` configuration setting makes several types of variables (including ones from
`$_POST`, `$_GET` and `$_REQUEST`) available in the global scope of your application. This can easily lead to security
issues as your application cannot effectively tell where the data is coming from.
For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared.
For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have been declared.
If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__.
* [Register_globals in the PHP manual](https://secure.php.net/security.globals)