register_globals OFF OR ON

[rmxs]

Hello,
Simple question

register_globals its safe on or off..

off its difficult for mysql injections.

On not..

By when its off there is something that maybe dont work correct?

 

[Dravu]

Any secure script should be able to work with register_globals off. It's a horrible habit. I'd go ahead and turn it off. Note though that while disabling register_globals does help prevent some methods of SQL Injection, it still doesn't make the injections completely impossible to do. Turning register_globals off is just stopping one method. You have to make sure your scripts are also protected against other methods.

 

[rmxs]

Thanks for your reply.
Yes one this method can make more secure servers.

 

[tsiou]

The most common problem you may see is from custom insecure php scripts that use $variablename instead of $_POST[variablename] when posting data.
This means that form data will be processed as null fields.