Website Design > Web design and coding tips

The first PHP tip

(1/1)

yuri:
If you plan to use PHP applications on your site, my first advice to you is to make sure that the 'register_globals' option is disabled. That option is one of the easiest ways for a hacker to break into your site and gain full control over its contents.

To see what is your site's PHP configuration in general and in particular whether 'register_globals' is On/Off you should create a file 'phpinfo.php' with the following contents:


--- Code: ---<?php
phpinfo();
?>
--- End code ---

and upload it to your site.

Then open in the browser the URL to the 'phpinfo.php' script: http://www.yoursite.com/phpinfo.php

Search for 'register_globals' to go directly to the appropriate line.

In case 'register_globals' is On, ask your hosting provider to disable it.

I think it is a good idea to remove the 'phpinfo.php' file once you are done with it - no need to show to the world the details of your site's PHP configuration.

Agrunyan:
I have checked mine and it is on, this means I should turn it off. My hosting is with GoDaddy, so I should use their email support to ask them to turn it off?

Thanks,
Alex R

ognen:
No, you no need to ask them, because GoDaddy provide you with access (ftp) to the php.ini file from where you can disable the register_globals.

---
ognen

Agrunyan:
Oh ok, gotcha thanks. I am not fluent in PHP as you can see,  ;).

Alex R

Navigation

[0] Message Index