"Robby Russell" <[EMAIL PROTECTED]> wrote in message
> On Mon, 2004-08-09 at 20:45, Sukanto Kho wrote:
> > Hi all,
> >
> > My php files run well in my local PC
> > but some of PHP and mysql script just getting error when running in
webhosting server.
> >
> > I found out that the problem is in the way webhosting server handling
global variable.
> > for example :
> >     In my local PC : $_GET['var'] is different with $var
> >     but in webhosting server : $GET['var'] is the same with $var... I
don't need to declare $var=$_GET['var'] 'cause $var is the same with
> >
> > Anyone have such a problem before?
> >
> > Thanx
> >
> > By regard;
> > Flame
> Yes, you will need to turn off global variables.
> You can do this (if using Apache), add a file to your main web directory
> called, .htaccess.
> An example .htaccess entry: php_flag register_globals on.
> Then try.... then find another webhost as that's a lame/insecure setting
> to have set to On. ;-)
> -Robby

register_globals itself is no direct security hole - it's the way the
application is handling the data that might be insecure.

ISPs that have been offering PHP for years just CANNOT turn off
register_globals easily as it could break the code of thousands of their
clients. You shouldn't judge an ISP from their register_globals setting ;)

Regards, Torsten Roehr

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to