When register_globals is enabled, PHP will automatically create variables in the global scope for any value passed in GET, POST or COOKIE. This, combined with the use of variables without initialization, has lead to numerous security vulnerabilities. Since application developers should be aware when accessing tainted user input, it is better practice to access the variables through their respective super globals.


You can disable register_globals from php.ini or .htaccess.

register_globals = 'off'

php_flag register_globals off

Related Vulnerabilities