Home > Backend Development > PHP Tutorial > PHP security-global variables and registration

PHP security-global variables and registration

黄舟
Release: 2023-03-05 22:38:02
Original
1461 people have browsed it


1. Global variable registration

If you can still remember the use of C to develop CGI programs in early WEB application development, You will definitely have a deep understanding of tedious form processing. When PHP's register_globals configuration option is turned on, complex raw form processing no longer exists and public variables are automatically created. It makes PHP programming easy and convenient, but it also brings security risks.

In fact, register_globals is innocent, it does not create vulnerabilities, and it requires developers to make mistakes. However, there are two main reasons why you must turn off register_globals when developing and deploying applications:

First, it increases the number of security vulnerabilities;

Second, it hides the source of the data, which goes against the developer’s responsibility to track data at all times.

All examples in this book assume that register_globals has been turned off and use super public arrays such as $_GET and $_POST instead. Using these arrays is almost as convenient as programming with register_globals turned on, and the slight inconvenience is worth it because it increases the security of your program.

Tips

If you must develop an application that is deployed in an environment where register_globals is turned on, it is important that you All variables must be initialized and error_reporting set to E_ALL(or E_ALL | E_STRICT) to warn about uninitialized variables. When register_globals is turned on, any use of uninitialized variables is almost always a security vulnerability.

The above is the content of PHP security-global variables and registration. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template