Learn more about register_globals (with register_globals = off, the website cannot be opened

Source: Internet
Author: User
Since register_globals is set to control the PHP variable access range, if it is enabled, it will cause unnecessary security issues, so it is forcibly disabled here. if the webmaster space is not supported, you can use the following methods to make changes, for the majority of webmasters to learn more about register_globals.

Dedecms forcibly restricts register_globals

Since register_globals is set to control the PHP variable access range, if it is enabled, it will cause unnecessary security issues, so it is forcibly disabled here. if the webmaster space is not supported, the following methods can be used for the majority of webmasters:

* If the server is an independent server, you can modify php. ini in the php configuration file, change register_globals = On to register_globals = Off, and restart Apache.

* If you are a VM user, notify the space provider as much as possible to modify the configuration, or try ini_set ('register _ globals', 0.

* Create a new. htaccess file in the website directory, and add php_flag register_globals off. if the. htaccess file already exists, add it to the last line;

* If the problem persists, delete the following code directly in include/common. inc. php (not recommended ).

// Enable register_globals has many unsafe possibilities. Therefore, disable register_globalsif (ini_get ('register _ globals') {exit ('php. ini register_globals must is Off! ');} From PHP4.2.0, the default value of register_globals in php. ini is off. Therefore, it is best to start programming with the Off style from now on!
The value of register_globals can be set to: On or Off. let's take a piece of code to describe their differences.

Code:

The code is as follows:



When register_globals = Off, when receiving the next program, use $ _ GET ['User _ name'] and $ _ GET ['User _ pass'] to accept the passed values. (Note: when




The problem in the code above is that you can easily obtain access power without providing the correct user name and password. Only add at the end of your browser's address bar? Authorized = 1. Because PHP automatically creates a variable for each submitted value-whether it is from a submitted form, URL query string, or a cookie-this will set $ authorized to 1, such an unauthorized user can break through the security restrictions.

Register_globals = off solution

Register_globals is php. the configuration in ini affects how php receives the passed parameters. as the name suggests, register_globals indicates registration as a global variable, so when On, the passed value will be directly registered as a global variable for direct use, and when Off, we need to get it in a specific array. Therefore, if you encounter the above problems that cannot get the value, you should first check whether your register_globals settings match the method you get the value. (You can use the phpinfo () function or directly view php. ini)

Register_globals = off is mainly for security considerations. at the same time, most programs require that this value be set to off. what should I do if a large number of scripts previously written in the On style are used? If your previous scripts are well planned, there is a public inclusion file, such as config. inc. for php files, add the following code in the file to simulate it (this code does not guarantee that 100% can solve your problem, because I did not perform a lot of tests, but I think it works well ).


Code:
The code is as follows:
If (! Ini_get ("register_globals "))
{
Extract ($ _ POST );
Extract ($ _ GET );
Extract ($ _ SERVER );
Extract ($ _ FILES );
Extract ($ _ ENV );
Extract ($ _ COOKIE );

If (isset ($ _ SESSION ))
{
Extract ($ _ SESSION );
}
}
?>


Php Undefined index and Undefined variable solution

$ Act = $ _ POST ['AC'];

The above code always prompts
Notice: Undefined index: act in F: \ windsflybook \ post. php on line 18

In addition

Reference content
Notice: Undefined variable: Submit ......

And so on.

Cause: The variable is undefined.

Solution:
1) error_reporting settings:
Locate error_reporting = E_ALL
Change to error_reporting = E_ALL &~ E_NOTICE

2) register_globals settings:
Find register_globals = Off
Change to register_globals = On

Notice: Undefined variable: email in D: \ PHP5 \ ENOTE \ ADDNOTE. PHP on line 9
Notice: Undefined variable: subject in D: \ PHP5 \ ENOTE \ ADDNOTE. PHP on line 9
Notice: Undefined variable: comment in D: \ PHP5 \ ENOTE \ ADDNOTE. PHP on line 9
........
Php does not need to define variables, but what should I do in this case?
Find the php. ini file in C: \ WINDOWS.
Row 302 in php. ini: error_reporting = E_ALL
Modify
Error_reporting = E_ALL &~ E_NOTICE: restart apache2.2.
Solution: modify php. ini
Yes: error_reporting = E_ALL
Changed to: error_reporting = E_ALL &~ E_NOTICE
If you do not want to display any errors, modify them directly:
Display_errors = Off
If you do not have permission to modify php. ini, you can add it to the php header.
Ini_set ("error_reporting", "E_ALL &~ E_NOTICE ");
You can.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.