diff --git a/chapters/config.xml b/chapters/config.xml index 38c44a9018..c25db85031 100644 --- a/chapters/config.xml +++ b/chapters/config.xml @@ -1,5 +1,5 @@ - + Configuration @@ -710,23 +710,37 @@ include_path=".;c:\www\phplib" Tells whether or not to register the EGPCS (Environment, GET, - POST, Cookie, Server) variables as global variables. You may - want to turn this off if you don't want to clutter your - scripts' global scope with user data. This makes the most - sense when coupled with track_vars - in which case - you can access all of the EGPCS variables through the - $_ENV, - $_GET, - $_POST, - $_COOKIE, and - $_SERVER - arrays in the global scope. + POST, Cookie, Server) variables as global variables. For example; + if register_globals = on, the url + http://www.example.com/test.php?id=3 will produce + $id. Or, $DOCUMENT_ROOT from + $_SERVER['DOCUMENT_ROOT']. You may want to turn + this off if you don't want to clutter your scripts' global scope with + user data. As of PHP 4.2.0, + this directive defaults to off. It's preferred to + go through PHP Predefined Variables + instead, such as the + superglobals: + $_ENV, $_GET, + $_POST, $_COOKIE, and + $_SERVER. Please read the security chapter on + Using register_globals + for related information. - Please note that you need to set AllowOveride All in your - Directory block in the apache config file for this to work. + Please note that register_globals + cannot be set at runtime (ini_set). Although, you can + use .htaccess if your host allows it as described + above. An example .htaccess entry: + php_flag register_globals on. + + + register_globals is affected + by the variables_order + directive. + +