
THINGS TO WATCH OUT FOR ::

Register Globals

Since PHP 4.2 was released, 'Register Globals' have been switched off by default for security reasons. If you are aware of the risks involved and you have access to the php.ini file, you can turn them back on (although this is NOT recommended).

If you don't have access to the php.ini file you might still be able to override this setting by placing this in a notepad file, saving it as php.ini and placing it in your root directory.

Or this in .htaccess

Note -- it's 'possible' that all hosts will turn these globals OFF at some point in the future.

What's the impact of this?

With REGISTER_GLOBALS turned ON, you may unknowingly introduce a security risk in your script: one that allows a user to set or change the value of a variable in it.

In contrast, turning them OFF does not automatically make scripts secure. But it does mean, for instance, that posted form values have to be assigned on the receiving page.
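An added example (not from the original page) of the kind of risk described above: a flag the script never initialises gets its value from the request. Register Globals is simulated here with extract() so the script runs regardless of the server's setting; is_logged_in() and the request values are hypothetical.

```php
<?php
// Constructed request: what PHP would receive for page.php?authorized=1
$request = array('authorized' => '1');

// Hypothetical stand-in for a real login check; this visitor is NOT logged in.
function is_logged_in() {
    return false;
}

// Register Globals ON, simulated with extract(): every request parameter
// becomes a variable before the script's own logic runs.
function check_with_globals_on($request) {
    extract($request);
    if (is_logged_in()) {
        $authorized = true;
    }
    // $authorized was never initialised by the script,
    // so the request was able to supply its value.
    return !empty($authorized);
}

// Register Globals OFF: request data stays in its array and the flag is
// initialised by the script, so only is_logged_in() can set it.
function check_with_globals_off($request) {
    $authorized = false;
    if (is_logged_in()) {
        $authorized = true;
    }
    return $authorized;
}

echo "Globals ON,  access granted: ";
var_dump(check_with_globals_on($request));

echo "Globals OFF, access granted: ";
var_dump(check_with_globals_off($request));
?>
```

Initialising every variable before use closes this hole whichever way the setting is switched.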

The 7 new superglobals were introduced in PHP 4.1:

$_POST
$_GET
$_COOKIE
$_ENV
$_SESSION
$_SERVER
$_REQUEST

If your version of PHP is pre 4.1 then use the following in place of the superglobals (but be aware they are deprecated and may therefore be phased out in later versions):

$HTTP_POST_VARS
$HTTP_GET_VARS
$HTTP_COOKIE_VARS
$HTTP_ENV_VARS
$HTTP_SESSION_VARS
$HTTP_SERVER_VARS

Two notes on this:

a) $HTTP_SERVER_VARS and $_SERVER are not exactly equivalent.

b) There is no equivalent for $_REQUEST prior to PHP 4.1

With Register Globals OFF, the following will not work:

<form name="fm1" method="post" action="page2.php">
<input id="mem" type="text" name="membername">
<input type="submit" name="sub" value="Submit">
</form>


page2.php

<?php
if (isset($membername)) {
   echo $membername;
}
?>

... because on the receiving page, the above variable $membername will be undefined.

The new method, however, will work OK:

<?php
if (isset($_POST['membername'])) {
   // Escape the posted value before writing it into the HTML page
   echo htmlspecialchars($_POST['membername'], ENT_QUOTES);
}
?>

TIP - do *everything* assuming Register Globals are OFF.
