register_globals is Back - PHP Implementation


As of PHP 5.4, the register_globals feature has been removed [1] from PHP. If you still need the feature, this post is for you.

What is register_globals?

register_globals is an internal PHP setting (a php.ini directive) that registers the elements of the superglobal arrays as variables. For example, if you submit a form via the POST or GET request method with an input field named username, PHP will automatically register a variable named $username and assign it the value of the input field username.

Why was register_globals removed?

PHP is not a very strict language. If you make mistakes, it often leaves you with Notices and Warnings without stopping execution, unless a very serious problem occurs. PHP lets you use uninitialized variables and issues only a Notice, which is not displayed unless you enable strict error reporting. With register_globals enabled, a script that follows anything less than a very strict coding style is exposed to security threats and bugs [2].
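
The risk described above, as an added example that is not part of the original post: a flag the script never initializes is filled in from a request field once request keys become variables, and the second page function shows the same logic with an explicit default and an allow-list import. The names user_is_logged_in() and import_fields(), the sample request, and the use of extract() as a stand-in for register_globals are assumptions made for the illustration.

```php
<?php
// Added example. $sampleRequest is constructed input standing in for $_GET/$_POST.
$sampleRequest = ['username' => 'guest', 'authorized' => '1'];

// Hypothetical login check; a real site would verify a password hash or session.
function user_is_logged_in(string $username): bool
{
    return $username === 'alice';
}

// Pattern that register_globals makes unsafe: $authorized is only ever set
// to true and never initialized, so a request field of that name fills it in.
function page_with_registered_vars(array $request): bool
{
    extract($request);   // stand-in for register_globals(): each key becomes a variable
    if (user_is_logged_in($username ?? '')) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Allow-list import: copy only the expected fields, and only plain strings.
function import_fields(array $request, array $allowed): array
{
    $fields = [];
    foreach ($allowed as $name) {
        $value = $request[$name] ?? '';
        $fields[$name] = is_string($value) ? $value : '';
    }
    return $fields;
}

// Same page logic with the flag initialized and input read explicitly.
function page_with_allow_list(array $request): bool
{
    $authorized = false;                                  // explicit default
    $fields = import_fields($request, ['username']);
    if (user_is_logged_in($fields['username'])) {
        $authorized = true;
    }
    return $authorized;
}

var_dump(page_with_registered_vars($sampleRequest));  // the request field decides the result
var_dump(page_with_allow_list($sampleRequest));       // the request field is ignored
```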

register_globals Alternative

It is highly recommended that you do not use register_globals, because it allows anyone to inject variables into your script. However, most of the developers who use register_globals build simple websites that often have no authentication system or other features that would make them think carefully about secure methods and practices, so I have decided to write a simple script that helps them implement a similar feature in PHP again. Here is the script. You can copy it anywhere in your page:

  1. function register_global_array( $sg ) {
  2.     Static $superGlobals    = array(
  3.         'e' => '_ENV'       ,
  4.         'g' => '_GET'       ,
  5.         'p' => '_POST'      ,
  6.         'c' => '_COOKIE'    ,
  7.         'r' => '_REQUEST'   ,
  8.         's' => '_SERVER'    ,
  9.         'f' => '_FILES'
  10.     );
  12.     Global ${$superGlobals[$sg]};
  14.     foreach( ${$superGlobals[$sg]} as $key => $val ) {
  15.         $GLOBALS[$key]  = $val;
  16.     }
  17. }
  19. function register_globals( $order = 'gpc' ) {
  20.     $_SERVER;       //See Note Below
  21.     $_ENV;
  22.     $_REQUEST;
  24.     $order  = str_split( strtolower( $order ) );
  25.     array_map( 'register_global_array' , $order );
  26. }

Then call this function at the start of your page, or wherever you want to use the feature.

    register_globals( );

You can also choose which superglobal arrays are used for registering variables.

    register_globals( 'GPCFRES' );

Where G stands for _GET, P for _POST, C for _COOKIE, F for _FILES, R for _REQUEST, E for _ENV and S for _SERVER.

If you use an HTML form field name that cannot be used as a PHP variable name, this function still registers a variable, but you will have to access that variable dynamically.

    echo ${'1_invalid_name'};
    echo ${'another-invalid-variable-name'};

And one last thing: did you notice the unnecessary-looking statement in the above code on Line 20? It is not actually unnecessary. Read the Interesting Super Globals post for details on this.


© 2012-2017 - Scripts - Twitter