How to Enable register_globals in php using .htaccess

By | January 28, 2010

As you should already know, register_globals is a php.ini directive that manages the way PHP deals with variables. It has been deprecated for security issues and we won’t see it in PHP 6.0. If the deprecated register_globals directive is on (removed as of PHP 6.0.0), then variables_order also configures the order the ENV, GET, POST, COOKIE and SERVER variables are populated in global scope. So for example if variables_order is set to “EGPCS”, register_globals is enabled, and both $_GET[‘action’] and $_POST[‘action’] are set, then $action will contain the value of $_POST[‘action’] as P comes after G in our example directive value. This is extremely insecure and it is not recommended to enable this directive.

But if you really need it (for example, you need to transfer an old-made site to your server and make it working until all the variables are changed), you may enable it using an .htaccess file. This way register_globals will be active just for one site. Here is the string you need to add to your .htaccess file:

php_value register_globals 1

I wish you to change all the variables as soon as possible, but you may use my solution until then :)