[Wolves] PHP global variables

Stuart Langridge sil at kryogenix.org
Tue Sep 6 15:36:14 BST 2005


> How important is the 'security issue' with global variables in php?
> I've just realised that over half my scripts still rely on globals=on
> (having 'broke' them with a php re-install before I remembered
> to turn globals back on).
> 
> Is it really worth the effort of re-writing scripts to sort this out?

Depends. If you're using any variables anywhere without having first
initialised them to a known value, and relying on PHP having
initialised them to zero or the empty string, then anyone can break
your code by explicitly specifying that variable in the URL even
though you weren't expecting them to. This is conceivably a very big
problem, but it depends on your code.

Aq.
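
Added example, not part of the original message: the uninitialised-variable problem described in the reply above, shown beside the form that works with globals off. register_globals was removed in PHP 5.4, so it is emulated here with extract(); check_login(), the two page functions, the credential and the sample query are all hypothetical.

```php
<?php
// Constructed sample input: what PHP would parse from the query string
// "?page=home&authorized=1". No credentials are supplied.
$query = ['page' => 'home', 'authorized' => '1'];

// Hypothetical stand-in for a real credential check.
function check_login(array $request): bool
{
    return ($request['user'] ?? '') === 'admin'
        && hash_equals('constructed-secret', (string) ($request['pass'] ?? ''));
}

// "Before": written for globals=on. $authorized is only ever assigned on a
// successful login, and the script relies on it being unset otherwise.
function page_with_globals_on(array $request): string
{
    extract($request);   // emulates register_globals: each parameter becomes a variable
    if (check_login($request)) {
        $authorized = true;
    }
    // Never initialised, so a request parameter of the same name decides this.
    return !empty($authorized) ? 'admin view' : 'public view';
}

// "After": every variable starts from a known value, and request data is
// read only from the explicit array, only under the names the script expects.
function page_with_globals_off(array $request): string
{
    $authorized = false;
    $page = isset($request['page']) ? (string) $request['page'] : 'home';
    if (check_login($request)) {
        $authorized = true;
    }
    return $page . ': ' . ($authorized ? 'admin view' : 'public view');
}

echo page_with_globals_on($query), "\n";
echo page_with_globals_off($query), "\n";
```

Running PHP with error_reporting set to E_ALL makes reads of unset variables show up as warnings or notices, which is a quick way to find the places in existing scripts that depend on this behaviour.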


