Register Global Settings

The URI web server has the¬†register globals¬†setting turned off. This means that the source of the values for variables needs to be explicitly defined. When this setting is on, it is possible to use variables without knowing for sure where they come from and it can only be assumed that they are coming from the expected place. This setting specifically affects variables that come from global scope such as GET, POST and COOKIE variables (among others). For example: previously, if you had a login form on your page and the textbox name was username, the PHP variable you used to reference what was submitted could have been $username. The value in $username could have come from a GET or POST request. Now, however, you need to use something like $HTTP_POST_VARS[‘username’] or $_POST[‘username’]. This is better, because now you know for sure the variable is coming from a POST request. It is slightly more secure and harder for hackers to forge variables.

To upgrade your script to work with the new setting, the proper, secure way is to go through your code and initialize (at the beginning, or before the first use) the necessary variables to the appropriate array (and index, i.e. $username = $_POST[‘username’];). Alternately, for an immediate (temporary) solution, you could add the following code to the PHP files you are having problems with:import_request_variables(“GPC”); This code will take the GET, POST and COOKIE arrays and declare variables for every index in these arrays. So, $_POST[‘username’] would become $username in your PHP file, and your script would behave as it did before register globals was turned off.