» 
Help
Desk
2. How do I CHMOD a File or Folder?
3. How do I set up a MySQL Database, Username, and Password?
5. Block Spambots via .htaccess Files.
6. How to begin building your website?
7. How do I register and set up a domain name?
8. How do I set up POP3 mail and Webmail on my account?
9. How can PHP code work when globals=off?
This tutorial is relevant to webmasters who either write their own PHP code, or install scripts that use PHP. Webmasters that have only HTML websites, utilizing simple javascript and images, are not affected by the globals=on/off issue.
The PHP scripting language has the 'globals' setting to On by default. This means that scripts written in PHP can use any variables that are available, including some that may be injected by malicious parties. These days, more and more web hosting companies are turning the 'globals' setting to off, and Crossmap.net is no exception. This tutorial will show you how to update your PHP code to work in a globals=off environment.
Step 1: Understand the difference between globals=on and globals=off
When your PHP code accesses variables, the variables can be defined from a variety of places. Ideally, the variables will come from within the script itself, or from accepted external protocols (GET, POST, COOKIE, SESSION, etc). Problems arise if a malicious person tries to pass unauthorized variables into your script that you do not intend. For instance, they can use the URL to pass unauthorized variables, or use bad cookies to pass unauthorized variables. This is a problem if the globals option is off.
When hackers are able to introduce variables into unsecure code, they can potentially upload other files and programs, including Trojans that can take control of the server.
Step 2: Use proper code to access your variables for use in your script.
If the globals value is set to on, then simply calling $variable in your script could refer to a variety of sources: $_COOKIE['variable'], $_SESSION['variable'], $_GET['variable'], $_POST['variable'].
This issue usually comes up when one is using a form to send data from one page to the next. If globals is on, then the below code could access the variable sent from the form:
// The variables sent are called 'name_first' and 'name_last.'If globals is set to off, the below code can be used to access the passed form variables:
$name_full = $name_first." ".$name_last;
Print $name_full; //Returns the full name
// The variables sent are called 'name_first' and 'name_last.'
// $_POST is a protocol for forms, $_GET would be used to get variables from the URL, $_COOKIE for cookie variables, and $_SESSION for session variables.
$name_first = $_POST['name_first'];
$name_last = $_POST['name_last'];
$name_full = $name_first." ".$name_last;
Print $name_full; //Returns the full name
POST and GET are both acceptable send methods for
forms, and using $_POST and $_GET will access the
variable depending on the method used. $_REQUEST can
also be used, which accesses $_POST and $_GET.
Conclusion: Code for the globals=off environment
We understand that it is a hassle to make changes
to code when it has already been written. However,
this style of coding is in line with established languages,
and represents the foundation of wise code-writing.
Please feel free to submit a help ticket if you have
further questions about working in a globals=off environment.
10. How do I move from my old host to Crossmap.net?