turn register_globals off?

**kurt.krueckeberg@gmail.com** · Oct 10 '05, 09:55 PM

Re: turn register_global s off?

Run phpinfo() to see the settings for register_global s.
// script to display contents of phpinfo()
<?php
print(phpinfo() );
?>

**peter** · Oct 10 '05, 10:05 PM

Re: turn register_global s off?

Yes, I did that and they are ON. When I try to turn them off in
..htaccess, they still show as being ON.

Thanks,

Peter

**kurt.krueckeberg@gmail.com** · Oct 10 '05, 11:15 PM

Re: turn register_global s off?

Well, this is what my .htaccess looks like (change the 4 to a 5, if you
have php5 )
<IfModule mod_php4.c>
php_value register_global s 0
</IfModule>

**peter** · Oct 10 '05, 11:45 PM

Re: turn register_global s off?

Ok, I'll give it a try tomorrow at work and see if I have any luck.
Thanks for your help, Kurt!

Peter

**Harry Haller** · Oct 11 '05, 03:45 AM

Re: turn register_global s off?

On 10 Oct 2005 14:17:46 -0700, "peter" <plaz987@yahoo. com> wrote:
[color=blue]
>I just took over the website at work. I am still learning PHP.
>Register_globa ls are on and the script appears to be coded to take
>advantage of this. I know how to recode the script, but am unsure how
>to turn them off when I am done. I have googled and came up with
>placing
>
>php_flag register_global s off
>
>in the .htaccess file.
>
>I did this without recoding the script and the script still worked, so
>I am assuming I did not turn them off. Please help.
>
>
>Thanks,
>
>Peter[/color]

If you turn register_global s offyou may have to do a huge amount of
recoding your global variables - good luck.

In the php.ini file change the line from:

register_global s = On

to

register_global s = Off

My php.ini is in c:\php - but I am working with Windows.

**peter** · Oct 11 '05, 10:25 AM

Re: turn register_global s off?

My website is on a shared hosting setup, so I don't think I will be
able to access php.ini.

Thanks,

Peter

**Jerry Stuckle** · Oct 11 '05, 11:05 AM

Re: turn register_global s off?

peter wrote:[color=blue]
> My website is on a shared hosting setup, so I don't think I will be
> able to access php.ini.
>
>
> Thanks,
>
> Peter
>[/color]

Change hosts. I would *never* host with someone running with
register_global s on.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**R. Rajesh Jeba Anbiah** · Oct 11 '05, 02:45 PM

Re: turn register_global s off?

peter wrote:[color=blue]
> My website is on a shared hosting setup, so I don't think I will be
> able to access php.ini.[/color]

PHP: Miscellaneous Questions - Manual

http://in2.php.net/faq.misc#faq.misc.registerglobals

Miscellaneous Questions

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

**peter** · Oct 11 '05, 07:45 PM

Re: turn register_global s off?

Hey Rajesh, thanks! I'll try that emulation tomorrow. Nothing else
has worked for me so far. I will consider your advice, Jerry, too.
Thanks!

Peter

**Tony Marston** · Oct 16 '05, 10:05 AM

Re: turn register_global s off?

"peter" <plaz987@yahoo. com> wrote in message
news:1128979066 .457516.106340@ f14g2000cwb.goo glegroups.com.. .[color=blue]
>I just took over the website at work. I am still learning PHP.
> Register_global s are on and the script appears to be coded to take
> advantage of this. I know how to recode the script, but am unsure how
> to turn them off when I am done. I have googled and came up with
> placing
>
> php_flag register_global s off
>
> in the .htaccess file.
>[/color]
The correct syntax is:

php_value register_global s 0

This will only work if your web host has actually configured Apache to look
in .htaccess files.

--
Tony Marston

Tony Marston's Web Site

http://www.tonymarston.net

This is Tony Marston's web site, containing personal information plus pages devoted to the Uniface 4GL development language, XML and XSL, PHP and MySQL, and a bit of COBOL

**peter** · Oct 16 '05, 02:05 PM

Re: turn register_global s off?

Thanks for the proper syntax, Tony. I'm having a hard time getting an
answer out of my hosting company. Is there any reason the hosting
company would object to configuring apache to look in the .htacess
file?

Peter

**Tony Marston** · Oct 16 '05, 07:25 PM

Re: turn register_global s off?

Some web hosting companies offer a limited service simply because they do
not know any better. Amongst their "substandar d" offerings are:
a) a version of PHP which is not the latest.
b) unwilling to include any of the optional PHP extensions.
c) PHP running in safe mode.
d) disallowing the option of htaccess files to change the Apache
configuration at account level.
e) Only one MySQL database.

These are things you should confirm with any hosting company before you sign
up with them. If your present hosting company is unwilling to offer a proper
service then I can only suggest you switch to another one.

--
Tony Marston

Tony Marston's Web Site

http://www.tonymarston.net

This is Tony Marston's web site, containing personal information plus pages devoted to the Uniface 4GL development language, XML and XSL, PHP and MySQL, and a bit of COBOL

"peter" <plaz987@yahoo. com> wrote in message
news:1129471062 .169333.130730@ g44g2000cwa.goo glegroups.com.. .[color=blue]
> Thanks for the proper syntax, Tony. I'm having a hard time getting an
> answer out of my hosting company. Is there any reason the hosting
> company would object to configuring apache to look in the .htacess
> file?
>
> Peter
>[/color]

**Philip Ronan** · Oct 16 '05, 11:35 PM

Re: turn register_global s off?

"Tony Marston" wrote:
[color=blue]
> e) Only one MySQL database.[/color]

Why's that such a problem?

--
phil [dot] ronan @ virgin [dot] net

http://vzone.virgin.net/phil.ronan/

**peter** · Oct 17 '05, 01:15 AM

Re: turn register_global s off?

Ok, Tony, thanks for your help!

Peter

turn register_globals off?

turn register_globals off?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment