PHP REGISTER_GLOBALS turned off? Hack It Back

REGISTER_GLOBALS is a PHP directive that, when enabled, automatically initialises variables with the values from forms, sessions, GET etc.

For example, the data in a login form with the input fields named “username” and “password” will automatically be available as $username and $password.

REGISTER_GLOBALS is, in my opinion, very bad practice and should be avoided – but that is a separate debate.

If you are moving a web application or PHP is upgraded/changed, and you have no control over the configuration of REGISTER_GLOBALS, the following hack will help:

foreach ($_GET as $key => $item) {
$$key = $item;

This will loop through each GET value and assign it to a local variable. You can use this same logic for $_POST, $_SESSION etc., by replacing $_GET in the foreach loop.

This code is intended for applications that need a temporary solution, are in a closed environment or are in testing.

I do not recommend using REGISTER_GLOBALS or this hack in a public application.

NOTE: Before PHP 4.2.0, REGISTER_GLOBALS was set to ON by default. Most hosts will now have REGISTER_GLOBALS disabled.


2 Responses

  1. Hi,

    naming vars like this is a great and easy way to bypass the directive.

    But these kind of fixes have the result that people doesn’t program for modern web server (PHP5).

Leave a Reply

Your email address will not be published.

More Posts

How to use PHP Type Declarations

PHP has developed into a more strictly typed language in recent years. Type Declarations help with that and are a fairly new addition to PHP,


If you have come to JavaScript from a background in Java or C, then you will like the variation on the for loop. It is

Context Object Manipulation

One of the key concepts of JavaScript is the keyword this, which signifies the JavaScript context object. If you write an inner function, you can access

Polymorphic Functions

It is possible to define multiple functions with the same name in JavaScript, and the last one of those that you define will be the