Author Topic: The first PHP tip (Read 483823 times)

yuri · December 14, 2007, 03:51:06 PM

If you plan to use PHP applications on your site, my first advice to you is to make sure that the 'register_globals' option is disabled. That option is one of the easiest ways for a hacker to break into your site and gain full control over its contents.

To see what is your site's PHP configuration in general and in particular whether 'register_globals' is On/Off you should create a file 'phpinfo.php' with the following contents:

Code: [Select]

<?php
phpinfo();
?>

and upload it to your site.

Then open in the browser the URL to the 'phpinfo.php' script: http://www.yoursite.com/phpinfo.php

Search for 'register_globals' to go directly to the appropriate line.

In case 'register_globals' is On, ask your hosting provider to disable it.

I think it is a good idea to remove the 'phpinfo.php' file once you are done with it - no need to show to the world the details of your site's PHP configuration.

Agrunyan · January 03, 2008, 08:07:09 PM

I have checked mine and it is on, this means I should turn it off. My hosting is with GoDaddy, so I should use their email support to ask them to turn it off?

Thanks,
Alex R

ognen · January 04, 2008, 07:24:36 AM

No, you no need to ask them, because GoDaddy provide you with access (ftp) to the php.ini file from where you can disable the register_globals.

---
ognen

Agrunyan · January 04, 2008, 03:29:47 PM

Oh ok, gotcha thanks. I am not fluent in PHP as you can see,

.

Alex R

Ossoba Design Studio

Author Topic: The first PHP tip (Read 483823 times)

yuri

The first PHP tip

Agrunyan

Re: The first PHP tip

ognen

Re: The first PHP tip

Agrunyan

Re: The first PHP tip