PHP Coding Practices
register_globals Transition Guide

register_globals is a PHP setting that determines how your HTML form elements are handled by PHP. Please read and understand this page before writing any more PHP code. For a concise guide, visit this page.

Code that relies on register_globals being turned on will not function after May 1, 2005. You will need to convert your code.

If you wish to work with your code in an environment where register_globals is off, you will need to create a file named '.htaccess' in the directory where your files will reside. The .htaccess file should contain this line to disable register_globals:

    php_flag register_globals off

This will cause register_globals to be inactive for that directory. We recommend that you place a copy of any PHP code you are responsible for in a new directory, set register_globals to off, and make sure all your code works before the May 1 deadline.

Examples of old/incorrect form processing and correct form processing
You may find further examples of variables from outside PHP helpful.

Other things to look out for when de-register_globalizing:

Calls to functions like session_register(), session_is_registered(), and session_unregister() are incompatible with register_globals turned off. The official scoop on session_register() is here. Here's a quick fix:
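The conversion described above, as an added example that is not the original page's own code: a form field is read from $_POST instead of a same-named global, and the three session_*register() calls are replaced by direct use of $_SESSION. The field names `username` and `logout` and the session name are hypothetical.

```php
<?php
// Added example, not from the original page. The field names
// ('username', 'logout') and the session name are hypothetical.

// Choose a distinctive session name before session_start() so this
// application's session does not collide with another one on the host.
session_name('MyDeptSignup');
session_start();

// OLD (only works with register_globals on): form fields and session
// values showed up as plain globals, so any request parameter could
// preset a variable the script assumed was its own.
//   if ($username != '') { session_register('username'); }
//   if (session_is_registered('username')) { echo "Hello $username"; }
//   session_unregister('username');

// NEW: read each value from the superglobal for the source you expect.
$username = '';
if (isset($_POST['username']) && is_string($_POST['username'])) {
    $username = trim($_POST['username']);
}

// Replaces session_register(): assign into $_SESSION directly.
if ($username !== '') {
    $_SESSION['username'] = $username;
}

// Replaces session_is_registered(): test the key with isset().
if (isset($_SESSION['username'])) {
    // Escape on output, because the value originated in the request.
    echo 'Hello ', htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
}

// Replaces session_unregister(): unset the key, for example on logout.
if (isset($_POST['logout'])) {
    unset($_SESSION['username']);
}
```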
Also be sure to make a call to session_name() in every page to ensure your session variables don't conflict with other applications. Be sure to choose a distinctive, unique name.

Additional Resources

Here are a few good references on security issues in PHP:
©Copyright 1999 -- 2006 University of Rochester