g., GET or POST)
causes a new variable in the global scope of that means ($_GET['sessionid'] or
$_POST['sessionid']). In Chapter 3, the section on PHP??™s superglobal variables offers
a thorough introduction to external variables of the COOKIE, ENVIRONMENT, GET, POST,
and SERVER types.
42 CHAPTER 2 ?– CONFIGURING YOUR ENV IRONMENT
Although disabling register_globals is unequivocally a good idea, it isn??™t the only
factor you should keep in mind when you secure an application. Chapter 21 offers
more information about PHP application security.
?– Note The register_globals feature has been a constant source of confusion and securityrelated
problems over the years. Accordingly, it is no longer available as of PHP 6.
register_long_arrays = On | Off
Scope: PHP_INI_SYSTEM; Default value: On
This directive determines whether to continue registering the various input arrays
(ENVIRONMENT, GET, POST, COOKIE, SYSTEM) using the deprecated syntax, such as
HTTP_*_VARS. Disabling this directive is recommended for performance reasons.
?– Note The register_long_arrays directive is no longer available as of PHP 6.
register_argc_argv = On | Off
Scope: PHP_INI_SYSTEM; Default value: On
Passing in variable information via the GET method is analogous to passing arguments
to an executable. Many languages process such arguments in terms of argc
and argv. argc is the argument count, and argv is an indexed array containing the
arguments.
Pages:
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125