When the “register_globals=on”
register_globals will supply all the variables to the script. Any one can initialize the variables and send a fake variable over the script and php would not realize where this come from.
I have a similar site that was working fine before we had it moved to another server.
We were using variables which need not be defined or need not be fetched using $_POST, $_REQUEST, or $_GET but still we receive their values because the register_globals were ON in php.ini file.
After we moved the files to the new secure server. The admin site stopped functioning. The admin could not add a new report , and kept on clicking on the add link but the add report page never loaded.
I kept wondering what might be the problem, finally checked the php.ini file where i found that the
register_globals was turned OFF.
After doing a bit research I found that I had to enable the register_globals and this is what I did.
– Created an .htaccess file in my virtual directory
– And wrote the following :
php_value register_globals 1
– It enabled the global variables and it started working as before .