Learn more about Register_globals (a solution with Register_globals=off Web site not open) _php tips

Deep understanding of Register_globals

Dedecms forced the register_globals.

Because Register_globals settings control the scope of PHP variable access, if the opening will cause unnecessary security problems, so here it is forced to close, if the webmaster space does not support, you can use the following methods to modify, for the majority of webmaster reference:

* If a standalone server user can modify the php.ini in the PHP configuration file, change the Register_globals=on to Register_globals=off, and then restart Apache.

* If you are a user of a virtual host, notify the space provider as much as possible about the configuration changes, or try Ini_set (' register_globals ', 0).

* Create a new. htaccess file in your site directory, plus php_flag register_globals off, if you already have a. htaccess file, add it directly to the last line;

* If not, then only use the final approach to include/common.inc.php the following code can be deleted (not recommended).

Opening register_globals can be a number of unsafe possibilities, forcing the request to close Register_globalsif (Ini_get (' register_globals ')) {exit (' <a href= ' http:/ /docs.dedecms.com/doku.php?id=register_globals ">php.ini register_globals must is Off! </a> '); Starting with the PHP4.2.0 version, the setting option in PHP.ini register_globals the default value to OFF. So, it's best to start with the off style now!
The value of the register_globals can be set to: On or off, and we give a code to describe their differences separately.

Code:

Copy Code code as follows:

<form name= "frmtest" id= "frmtest" action= "URL" >
<input type= "text" name= "user_name" id= "user_name" >
<input type= "Password" name= "User_pass" id= "User_pass" >
<input type= "Submit" value= "Login" >
</form>

When Register_globals=off, the next program should receive $_get[' user_name ' and $_get[' User_pass ' to accept the passed value. (Note: $_post[' user_name '] and $_post[' user_pass ' should be used when the method property of the <form> is POST)

When Register_globals=on, the next program can accept values directly using $user_name and $user_pass.

As the name suggests, register_globals means to register as a global variable, so when on, the passed value is directly registered as a global variable, and off, we need to go to a particular array to get it. So, a friend of those who can't get a value on the top should first check to see if your register_globals settings match the way you get the value. (see if you can use the Phpinfo () function or directly view php.ini) What's wrong here?

Look at the following PHP script, which is used to authorize access to a Web page when the username and password are entered correctly:

Copy Code code as follows:

<?php
Check User name and password
if ($username = = ' Kevin ' and $password = ' secret ')
$authorized = true;
?>
<?php if (! $authorized):?>
<!--unauthorized users will be given a prompt here-->
<p>please Enter your username and password:</p>
<form action= "<?= $PHP _self?>" method= "POST" >
<p>username: <input type= "text" name= "Username"/><br
Password: <input type= "Password" name= "Password"/><br/>
<input type= "Submit"/></p>
</form>
<?php Else:?>
<!--HTML content with security requirements-->
<?php endif;?>

The problem with the above code is that you can easily access the power without having to provide the correct username and password. Just add authorized=1 to the end of your browser's address bar. Because PHP automatically creates a variable for each committed value-whether it comes from moving a submitted form, a URL query string, or a cookie-this will set the $authorized to 1 so that an unauthorized user can break the security limit.

Register_globals=off Web site cannot open the solution

Register_globals is a configuration in php.ini, this configuration affects how PHP receives the passed parameters, as the name suggests, register_globals means to register as a global variable, so when on, The values passed are directly registered as global variables, and off, we need to go to a particular array to get it. So, a friend of those who can't get a value on the top should first check to see if your register_globals settings match the way you get the value. (View can use the Phpinfo () function or view the php.ini directly)

The purpose of Register_globals=off is primarily for security reasons, and most programs require that the value be set to OFF, what about a lot of scripts written in on style before? If your previous scripts are well planned, there is a public include file, such as config.inc.php, in this file, add the following code to simulate (this code does not guarantee that 100% can solve your problem, because I do not have a lot of tests, but I think the effect is good).


Code:

Copy Code code as follows:

<?php
if (!ini_get ("Register_globals"))
{
Extract ($_post);
Extract ($_get);
Extract ($_server);
Extract ($_files);
Extract ($_env);
Extract ($_cookie);

if (Isset ($_session))
{
Extract ($_session);
}
}
?>

the solution for PHP Undefined index and Undefined variable

$act =$_post[' act '];

Always prompt with the above code
notice:undefined index:act in F:\windsflybook\post.php on line 18

In addition, there are sometimes

Reference content
Notice:undefined Variable:submit ...

And so on some of these tips

Reason: caused by undefined variable

Workaround:
1) error_reporting Settings:
Find error_reporting = E_all
Modified to error_reporting = E_all & ~e_notice

2) register_globals settings:
Find register_globals = Off
Modify to Register_globals = On

Notice:undefined Variable:email in D:\PHP5\ENOTE\ADDNOTE. PHP on line 9
Notice:undefined Variable:subject in D:\PHP5\ENOTE\ADDNOTE. PHP on line 9
Notice:undefined variable:comment in D:\PHP5\ENOTE\ADDNOTE. PHP on line 9
........
Originally PHP does not need to define variables, but what should happen in this case?
Just find php.ini in C:\WINDOWS.
302 lines of error_reporting = E_all in php.ini
Modified into
error_reporting = e_all & ~e_notice restart apache2.2.
Workaround: Modify PHP.ini
Will: error_reporting = E_all
Modified to: error_reporting = E_all & ~e_notice
If any errors do not want to show, directly modify:
Display_errors = Off
If you do not have php.ini permission to modify, you can add to the head of PHP
Ini_set ("error_reporting", "E_all & ~e_notice");
Can