Website Design > Web design and coding tips

The first PHP tip


If you plan to use PHP applications on your site, my first advice to you is to make sure that the 'register_globals' option is disabled. That option is one of the easiest ways for a hacker to break into your site and gain full control over its contents.

To see what is your site's PHP configuration in general and in particular whether 'register_globals' is On/Off you should create a file 'phpinfo.php' with the following contents:

--- Code: ---<?php
--- End code ---

and upload it to your site.

Then open in the browser the URL to the 'phpinfo.php' script:

Search for 'register_globals' to go directly to the appropriate line.

In case 'register_globals' is On, ask your hosting provider to disable it.

I think it is a good idea to remove the 'phpinfo.php' file once you are done with it - no need to show to the world the details of your site's PHP configuration.

I have checked mine and it is on, this means I should turn it off. My hosting is with GoDaddy, so I should use their email support to ask them to turn it off?

Alex R

No, you no need to ask them, because GoDaddy provide you with access (ftp) to the php.ini file from where you can disable the register_globals.


Oh ok, gotcha thanks. I am not fluent in PHP as you can see,  ;).

Alex R


[0] Message Index

Go to full version