Using a text editor create a file called php.ini. This will be our first step.

Next, we need to add the following line of code in php.ini
register_globals = off

Upload php.ini file to the root folder where your application resides.

PHP Global Variables
Environment variables, GET, POST, Server, Cookie variables are knows as Global Variables.

When register_globals directive is turned ON (like what most ISP’s did), you can access/set the global variables like $username, $password instead of $_POST["username"], $_POST["password"].

To turn OFF register global variables, you can add a setting to .htaccess like …
php_flag register_globals off

What is the harm when register_globals is turned ON?

Take the below code for example.

Program: displayuser.php

If register_global is turned ON, you can display the confidential data from the above program by accessing http://www.yoursite.com/displayuser.php?isValidUser=1

So is the case with the other global variables. This is because in PHP we needn’t have to initialize variables in our program before its access.

How to find if register_globals is turned ON/OFF?

Two easy methods …

i) from phpinfo() function which will display a whole load of data on your environment

ii) by declaring a having a form data or session data declared in one page and trying to set the variable ON/OFF in the second page via querystring

REMEMBER: From PHP 6 register global directive will be REMOVED. So do not depend on it in your programs.

Two things to remember for beginners!
i) initialize variables
ii) validate EVERY user input