Tuesday 7 October 2014

PHP Register Globals

PHP Register Globals

register_globals is  PHP Setting, In which it registers the GET/POST array's elements as variables.

For example, If URL is /index.php?name=php-tutorial-php, when you echo $name; It will print the value i.e php-tutorial-php (if register_globals is ON). Same applicable to POST methods also.

When register_globals is ON you need not to extract the value of GET/POST explicitly, variable values are available with the element-Name.

Example with POST Data (if register_globals is ON)
If you post following data
    [name] => php-tutorial-php
    [description] => Web Technology Experts Notes
echo $name;//php-tutorial-php
echo $description;//Web Technology Experts Notes

For Example COOKIE Data(if register_globals is ON)
$_SESSION[value] = 123;
$value = 'This is session value';
echo $_SESSION[value]; //This is session value

When register_globals=on, anything passed via $_GET / $_POST / $_SESSION / $_COOKIE automatically appears to be global variable, this can might have security consequences. Due to this register_globals has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.

If you are using lower than php5.4 version, It's highly recommended you should set off the value of register_global.