Changes to PHP on ITC-maintained web servers
Overview
register_globals is a PHP setting that controls the availability of variables that have been submitted by a user to a PHP script (such as data posted from a form, URL-encoded data, or data from cookies). In earlier releases of PHP, register_globals was set to "on", which made coding easier but less secure.
ITC is currently in the process of upgrading various web servers to PHP 4.2.1, which has register_globals set to "off". While coding in this environment is slightly more cumbersome, there are substantial security benefits. You may read more about this change in the PHP 4.1.0 Release Announcement.
If you have received notice that your web server is being upgraded and you currently maintain a site that contains PHP, you need to choose from the following two options:
- To continue using global variables, you will need to follow the instructions for setting up a .htaccess file.
- If you want to rewrite your code so that it does not rely on global variables (this is strongly encouraged for security reasons), please see the examples section.
If you do not implement one of the above options, your site will likely not work after the upgrade.
Setting up a .htaccess file
If you want to continue using global variables, you will need to create a .htaccess file in your site's main directory (or the main directory of your site that contains PHP scripts). Your .htaccess file should contain the following line:
php_flag register_globals on
We recommend that you create the .htaccess file by logging into your site with SecureCRT, Nifty Telnet, or another telnet application and using a Unix editor (such as pico, jove, vi, or emacs). Windows and Macintosh editors often insert special characters that may corrupt the .htaccess file and make your site unreachable.
Examples of PHP with register_globals set to "off"
The following examples demonstrate how to work with user-submitted data in an environment where register_globals is set to "off". The developers of PHP strongly encourage coding in this way. For more complete documentation, please see the PHP 4.1.0 Release Announcement.
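
One way to rewrite a script so that it no longer depends on register_globals, shown as an added example that is not ITC's own code. It reads each value from the superglobal array for its source ($_POST, $_GET, $_COOKIE, available since PHP 4.1.0); the field names "username", "page" and "visits" and the helper request_value() are hypothetical.

```php
<?php
// Added example. Field names and request_value() are hypothetical.

// Old style, which only works with register_globals = on: the form field
// "username" appears as the global $username, indistinguishable from a
// variable the script set itself.
//   echo "Hello, $username";

// Read one value from a specific request source. Returns $default when the
// field is absent or is not a plain string (e.g. submitted as an array).
function request_value($source, $name, $default = '')
{
    if (isset($source[$name]) && is_string($source[$name])) {
        return $source[$name];
    }
    return $default;
}

// Form field sent with method="post"
$username = trim(request_value($_POST, 'username'));

// URL parameter, e.g. list.php?page=3; accept digits only, else fall back to 1
$page = request_value($_GET, 'page', '1');
$page = ctype_digit($page) ? (int) $page : 1;

// Cookie value, forced to an integer
$visits = (int) request_value($_COOKIE, 'visits', '0');

// Variables that drive decisions are always initialised by the script,
// never left for request data to fill in.
$is_valid = ($username !== '' && strlen($username) <= 32);

if ($is_valid) {
    // Escape user-submitted text before writing it into HTML output
    echo 'Hello, ' . htmlspecialchars($username, ENT_QUOTES) . "<br>\n";
} else {
    echo "Please enter a username.<br>\n";
}
echo 'Page ' . $page . ', visit number ' . ($visits + 1) . "\n";
?>
```

Because every value is read from a named source and checked before use, the script behaves the same whether register_globals is "on" or "off".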