register_globals

Have been receiving occasional emails that people couldn’t get past the login screen of the simple contacts app that accompanied my web database development article for MacWorld. Turns out that some people have manually upgraded their version of PHP beyond 4.12, which Jaguar ships with.

Great, but the gotcha is that later versions of PHP have register_globals turned off by default. This is a bummer for development convenience (the transparency of variable access has been something I’ve loved about PHP) but essential for security — now you have to carefully specify where a variable is expected to have originated — cookie, url, get, post, etc.

The upshot is that if you upgrade PHP, you have two choices:

1) Override the new default by setting register_globals=on in /usr/lib/php.ini, or

2) modify all your web apps (The original announcement and explanation from php.net is here.

I’ve updated the sample contacts database to accommodate installations with register_globals=off, which is the newer, shinier, safer way to do it.

Music: Beth Orton :: Sweetest Decline

2 Replies to “register_globals”

  1. Hey Scott:
    Been using an “AMP” rig on my XServe with OSX 10.2.4 but can’t get the email function happening. The only info I can find is Windows related, saying I should modify the “SMPT = localhost” line to “SMPT = mail.somewhere.edu” (i.e. the ISP for mail on my network). Is this right for OSX Server? I don’t have a php.ini. Where is it on OSX Server? (which resides in a different location than OSX).

  2. Hank, you have two choices:

    1) Either create a php.ini at /usr/lib/php.ini and enter an SMTP server there

    2) Enable sendmail on your system and get it functioning properly. Then email from PHP will work properly.

    #2 can be a small can of worms — look for articles on setting up sendmail under OS X on the O’Reilly Network for assitance. This problem went away for me because I chose to purchase CommuniGate Pro, which replaces the functionality of sendmail.

    Also note that my experience is under OS X, not X Server.

Leave a Reply

Your email address will not be published. Required fields are marked *