The Register Globals Problem

The last of the three major configuration changes in PHP is the most serious (and has been a real bugaboo to readers of this book's first edition and nearly every beginning PHP programmer). As of version 4.2 of PHP, the creators decided to change one of the most important settings, called register_globals.

If register_globals is turned on (which was the case in versions of PHP prior to 4.2), form data is automatically stored in variables with simple names like $name and $email. In other words, the form data is registered as a global variable in the script. If register_globals is turned off (as you might have witnessed), these variables aren't automatically assigned the form values and are therefore blank.

There are two ways to combat this issue:

  • Turn register_globals back on (see the "Configuring PHP" section of Appendix A for more information).
  • Refer to the form data using a different set of variables.

While the first method will certainly work, the latter is far and away the better choice. It's more secure, more exacting, and what you're likely to see in real-world applications.

You'll try the second method by rewriting the print() statements, replacing each occurrence of a variable ($var) with {$_POST['var']}. $_POST refers to an array of data sent to the page via the POST method (because the form uses POST), which is automatically global and therefore doesn't need to be registered. The curly braces are used to avoid parse errors in the print() statements. The syntax, and the reasoning behind why it works, will make much more sense after you read Chapter 7, "Using Arrays."

Script 3.7. To combat register_globals being off, you need to use special variables like $_POST.

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
        <title>Your Feedback</title>
    </head>
    <body>
    <?php // Script 3.7 - handle_form.php (fourth version after Scripts 3.4, 3.5, and 3.6)

    ini_set ('display_errors', 1); // Let me learn from my mistakes.
    error_reporting (E_ALL & ~ E_NOTICE); // Don't show notices.

    // This page receives the data from feedback.html.
    // It will receive: title, name, email, response, comments, and submit.

    // Adjust for register_globals being off.
    print "Thank you {$_POST['title']} {$_POST['name']} for your comments. <br />";
    print "You stated that you found this example to be {$_POST['response']} and added: {$_POST['comments']}";

    ?>
    </body>
    </html>

To adjust for register_globals:

  1. Open handle_form.php (Script 3.6) in your text editor.
  2. Replace the two print lines with the following (Script 3.7):

    print "Thank you {$_POST['title']} {$_POST['name']} for your comments. <br />";
    print "You stated that you found this example to be {$_POST['response']} and added: {$_POST['comments']}";

    To get this particular script to work without register_globals, you needed to change the variable references from, for example, $name to {$_POST['name']}. The reasoning behind this change will make more sense later, if it doesn't already.

  3. Save the file, upload it to your server, and test it again in your Web browser (Figures 3.15 and 3.16).
    Figure 3.15 Once again, the form...

    Figure 3.16 ...and it will now work without the need for register_globals.
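Why reading $_POST is the more secure of the two methods, shown as an added example that is not from the book: extract() stands in for register_globals being on (the directive was removed in PHP 5.4), the request array is a constructed sample, and is_staff, field() and both handler names are hypothetical.

```php
<?php
// Added example (not from the book). $request is a constructed sample of
// what a browser could submit to handle_form.php; is_staff is hypothetical.
$request = [
    'title'    => 'Dr.',
    'name'     => '<b>Pat</b>',
    'response' => 'good',
    'comments' => 'Clear & short',
    'is_staff' => '1', // key that feedback.html never defines
];

// register_globals = On, reproduced with extract(): every request key
// becomes a local variable, including ones the script did not expect.
function handle_with_globals(array $request): string
{
    extract($request);
    // The script never assigns $is_staff itself, so the request decides it.
    $badge = isset($is_staff) ? ' [staff]' : '';
    return "Thank you $title $name$badge for your comments.";
}

// Read one expected form field and escape it for HTML output. The charset
// matches the page's meta tag in Script 3.7.
function field(array $post, string $key): string
{
    $value = (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';
    return htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1');
}

// register_globals = Off: only named $_POST keys are read, and flags are
// set by the script, so extra request keys have no effect.
function handle_with_post(array $post): string
{
    $is_staff = false; // would come from the server side (e.g. a session)
    $badge = $is_staff ? ' [staff]' : '';
    return 'Thank you ' . field($post, 'title') . ' ' . field($post, 'name')
        . $badge . ' for your comments.';
}

echo handle_with_globals($request), "\n";
echo handle_with_post($request), "\n"; // in handle_form.php, pass $_POST
```

The first line of output carries the submitted markup unescaped and the staff badge; the second shows the name escaped and no badge.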
