Register Globals

[Steven Delport]

I am looking at osCommerce but it will not install with Register Globals off, I believe that it should always be set to off,
and only be used for proto typing.

Please some help here

[oliver]

Hi there,

register_globals is a potential security problem. A hacker could access non-initialized php-variables and enter malicious code that way - if all variables are initialized (as they should always be) everything's fine.

As far as I know you can switch on register_globals in .htaccess. So you should switch it on for the folders needing register_globals only.

Oliver

[Steven Delport]

Thanks Oliver as I did not write the code is seems like a big ask to check it so I will rather go someplace else
I also believe that this will not be available in PHP 6, what we saying is good forthought is always the best.

[fabian]

I am looking at osCommerce but it will not install with Register Globals off, I believe that it should always be set to off, and only be used for proto typing.

Hi Steven,

as oliver said, register_globals should actually always be off, however at most web hosts it's still on (because they're scared to break any scripts). If you don' have access to the php.ini, you can use a .htaccess file to modify the setting for your application:

Code:

php_flag register_globals On

and: yupp, PHP 6 won't have Register Globals, Magic Quotes and this crap... But it's still gonna take a while until there will be a release candidate...