Author Topic: The first PHP tip  (Read 483823 times)

December 14, 2007, 03:51:06 PM
  • Administrator
  • Full Member
  • *****
  • Posts: 7
    • View Profile

If you plan to use PHP applications on your site, my first advice to you is to make sure that the 'register_globals' option is disabled. That option is one of the easiest ways for a hacker to break into your site and gain full control over its contents.

To see what is your site's PHP configuration in general and in particular whether 'register_globals' is On/Off you should create a file 'phpinfo.php' with the following contents:

Code: [Select]

and upload it to your site.

Then open in the browser the URL to the 'phpinfo.php' script:

Search for 'register_globals' to go directly to the appropriate line.

In case 'register_globals' is On, ask your hosting provider to disable it.

I think it is a good idea to remove the 'phpinfo.php' file once you are done with it - no need to show to the world the details of your site's PHP configuration.

January 03, 2008, 08:07:09 PM
Reply #1
  • Guest

I have checked mine and it is on, this means I should turn it off. My hosting is with GoDaddy, so I should use their email support to ask them to turn it off?

Alex R

January 04, 2008, 07:24:36 AM
Reply #2
  • Administrator
  • Expert
  • *****
  • Posts: 90
    • View Profile
    • Ossoba Studio

No, you no need to ask them, because GoDaddy provide you with access (ftp) to the php.ini file from where you can disable the register_globals.


January 04, 2008, 03:29:47 PM
Reply #3
  • Guest

Oh ok, gotcha thanks. I am not fluent in PHP as you can see,  ;).

Alex R