Ossoba Design Studio

Website Design => Web design and coding tips => Topic started by: yuri on December 14, 2007, 03:51:06 PM

Title: The first PHP tip
Post by: yuri on December 14, 2007, 03:51:06 PM
If you plan to use PHP applications on your site, my first advice to you is to make sure that the 'register_globals' option is disabled. That option is one of the easiest ways for a hacker to break into your site and gain full control over its contents.

To see what is your site's PHP configuration in general and in particular whether 'register_globals' is On/Off you should create a file 'phpinfo.php' with the following contents:

Code: [Select]
<?php
phpinfo
();
?>

and upload it to your site.

Then open in the browser the URL to the 'phpinfo.php' script: http://www.yoursite.com/phpinfo.php

Search for 'register_globals' to go directly to the appropriate line.

In case 'register_globals' is On, ask your hosting provider to disable it.

I think it is a good idea to remove the 'phpinfo.php' file once you are done with it - no need to show to the world the details of your site's PHP configuration.
Title: Re: The first PHP tip
Post by: Agrunyan on January 03, 2008, 08:07:09 PM
I have checked mine and it is on, this means I should turn it off. My hosting is with GoDaddy, so I should use their email support to ask them to turn it off?

Thanks,
Alex R
Title: Re: The first PHP tip
Post by: ognen on January 04, 2008, 07:24:36 AM
No, you no need to ask them, because GoDaddy provide you with access (ftp) to the php.ini file from where you can disable the register_globals.

---
ognen
Title: Re: The first PHP tip
Post by: Agrunyan on January 04, 2008, 03:29:47 PM
Oh ok, gotcha thanks. I am not fluent in PHP as you can see,  ;).

Alex R