The difference between OFF and ON parameters of php register_globals

when register_globals= When Off, the next program should use $_GET['user_name'] and $_GET['user_pass'] to accept the passed value. (Note: When the method attribute of

is post, you should use $_POST['user_name'] and $_POST['user_pass'])

When register_globals=On, the next program can directly use $user_name and $user_pass to accept values.

In other words, register_globals is registered as a global variable, so when it is On, the passed value will be directly registered as a global variable and used directly, and when it is Off, we need to get it in a specific array. Therefore, if you encounter the above problems of not being able to get the value, you should first check whether the register_globals setting matches your method of obtaining the value. Note: You can use the phpinfo() function or directly view php.ini.

The reasons for using Off are as follows: 1. New versions of PHP will use Off by default. Although you can set it to On, when you cannot control the server, the compatibility of your code becomes a big problem, so you'd better start now. Start programming with Off style 2. Reference articles: http://bbs.it-home.org/shouce/php5/security.globals.html

Question: What to do with the large number of scripts previously written in On style? It depends on how your early script planning goes. If there is a public include file, such as config.inc.php, add the following code to this file to simulate it.

 if ( !ini_get('register_globals') )
 {
 extract($_POST);
 extract($_GET);
 extract($_SERVER);
 extract($_FILES) ;
 extract($_ENV);
 extract($_COOKIE);

 if ( isset($_SESSION) )
 {
 extract($_SESSION);
 }
 }
?>

The situation of register_globals = Off not only affects how to obtain the data passed from

and url, but also affects session and cookie. Correspondingly, the method of obtaining session and cookie should be: $_SESSION[], $_COOKIE. At the same time, there are some changes in session handling. For example, session_register() is unnecessary and invalid. For specific changes, please check the Session handling functions in the PHP manual.

The content in the middle of $_REQUEST actually comes from $_GET $_POST $_COOKIE. The disadvantage is that it is impossible to determine whether the variable comes from get post or cookie, which is not suitable for occasions with strict requirements.

Just this little knowledge about register_globals is so extensive and profound. Excellent PHP is really extraordinary.