You are Here: FAQ ->Scripting and Programming Languages->PHP->Article #18


Disabling global variables


The following will disable global variables on root servers, managed servers, and shared hosting.
This will help prevent PHP injection attacks.

.htaccess

# Offers protection during hacking attempts by NOT displaying
# error messages, server paths, and turning off your globals.

php_value display_errors off
php_value register_globals off
#recursive
#only on a root server or a managed server that has PHP loaded as a
module


php.ini
# Disable register_globals for security reasons
register_globals = 'off'
#not recursive-must be in every directory where you want it

#The below solution is the only solution for shared hosting-
#only works on a managed server or a root server

http://faq.1and1.com/scripting_languages_supported/php/upgrade/6.html

What do I need to consider if I want to use PHP5?


With 1&1 Linux hosting packages you have the choice between PHP3, PHP4
and PHP5. To distinguish a script as PHP5, simply name the script with the
file extension .php5.

While the PHP developers have done their utmost to ensure compatibility, we
cannot guarantee that PHP4 scripts will function 100% correctly under PHP5.

Please note that in contrast to PHP4, the default for the variable
RegisterGlobals is "off".

By default Apache uses PHP4 for .php extension. If you don't want to rename
all your scripts to .php5 you can do the following:

Create a .htaccess file and place the following line AddType x-mapp-php5
.php in it.

This will tell Apache to use PHP 5 instead of PHP4 for the extension .php
in the directory the .htaccess is placed and all sub-directories under it.


Print Article
How useful was this article?
(From 5 = Very Useful to 1 = Not useful at all):
1 2 3 4 5


 © 2008 1&1 Internet Inc - About 1&1 Internet