• On a mission to learn everything.
• Home
• About
• Contact
• Art
• Language
• Programming
• Video Blog

PHP Day 10: Security Issues with Superglobals and register_globals

Tags: PHP, Programming, Video | Series: PHP Basics

This six-minute video explores the security issues and differences between the superglobals $_GET, $_POST, and $_REQUEST, as well as the problematic register_globals option.

Click To Play

Links for PHP Day 10: Security Issues with Superglobals and register_globals

Security issues and differences between superglobals $_GET, $_POST, and $_REQUEST:

• PHP Get - Overview of the $_GET superglobal array.
• PHP Post - Overview of the $_POST superglobal array.
• Essential PHP Security Chapter 2 - Forms and URLS (PDF file) - A free sample chapter from the book Essential PHP Security by Chris Shiflett. I didn’t understand all of it, but it has some great explanations and examples of several exploits.

About register_globals:

• Programming: PHP: Register Globals - A short overview of the problem with register_globals.
• PHP: Using Register Globals - More details from the security section of the PHP manual.

Turning off register_globals:

• Using a php.ini File - A good, basic overview.
• .htaccess Tutorial - General info on the .htaccess file.
• To turn off register_globals through the .htaccess file, just write “php_flag register_globals off” in it.

Originally I planned to cover PHP security in one video, but then I ended up spending half my day yesterday just reading about PHP security issues! Needless to say, I’ll be revisiting this topic.

Posted on February 14th, 2007 | Leave a comment | Trackback URL

3 Comments

1. artcoder
   

   June 30th, 2008

   This is a great tutorial. I love how all the main salient information in presented so concisely.

2. Ultra Lean Green
   

   July 31st, 2008

   Couldn’t get the htaccess link on your site to work.

3. Rick Morris
   

   July 13th, 2009

   Your tutorials are great and really helped with the superglobal concept. I have one question. I created several scripts that insert and retrieve data from a mySQL database. In my php.ini file, when I have register_globals set to on everything works fine but, I would really like to turn them off. But, when I do, I cannot set or retrieve from my database. I know I need to use superglobals but could you give me an example of how I need to change my code. Here is an example of my code:

   I sure could use your help. Thanks in advance

Share Your Thoughts

Subscribe

Get notified of every new tutorial as soon as it's posted! Subscribe via RSS or via email:

PHP Basics

One day at a time, this series of 15 videos shows how I learned the basics of PHP, my first programming language.

• PHP Day 1: Getting Started
• PHP Day 2: Strings and Variables
• PHP Day 3: Numbers and Operators
• PHP Day 4: Functions
• PHP Day 5: Arrays
• PHP Day 6: Booleans, More Operators, and Conditional Statements
• PHP Day 7: Loops and Even More Operators
• PHP Day 8: Including Files
• PHP Day 9: Using PHP with HTML Forms
• PHP Day 10: Security Issues with Superglobals and register_globals
• PHP Day 11: Functions for Form Input Security
• PHP Day 12: Basics of Regular Expressions
• PHP Day 13: Date and Time Functions
• PHP Day 14: Cookies
• PHP Day 15: Sessions

Home | About | Contact
Powered by WordPress | Work-in-progress design by LearningNerd
Entries (RSS)