I’m not a PHP developer but i’ve seen in a couple of places that people seem to treat it like the plague or something. Why?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m not a PHP developer but i’ve seen in a couple of places that people seem to treat it like the plague or something. Why?
REGISTER_GLOBALSmeans that all variables passed through GET or POST are avilable as global variables in your script. Since accessing undeclared variables is not an error in PHP (it’s a warning), it can lead to very nasty situations. Consider this, for example:It is not a bad thing per se (well engineered code should not generate warnings, therefore should not access any variables that might be undeclared (and should not need
REGISTER_GLOBALSfor the same reason)), but PHP code is usually [very] low quality, leading to this kind of security holes.