1and1 Help Centre Categories

print article

Disable PHP Global Variables

For Linux webhosting packages.

Web hosting packages run PHP5 as default with the register_globals directive set to OFF. The default setting in the older PHP4 was to have the register_globals directive set to ON. The change in the default setting for global variables in PHP5 comes from the PHP maintainers (not 1&1) to reduce the risk of PHP injection attacks and is recommended to leave register_globals OFF. There are two methods of disabling the global variables.

Editing the php.ini file (recommended)

Every version of PHP has a default or global php.ini file for the default PHP settings. Normally it is suggested to leave the default or global php.ini file unaltered and to simply create your own php.ini file wherever needed to override the default settings. You can create the php.ini file using a text editor and saving the file to the folder where the settings should apply.

Please note:
Using a php.ini file to override the default settings will only alter the PHP settings for all PHP files in the directory where it is saved.

This means that any PHP files in subfolders will not recognise the changes you have made in the php.ini file. You will have to copy the file to any subdirectories needed or created symbolic links in subfolders to the custom php.ini file.

Place the following two lines in your custom created php.ini file. Lines starting with a hash symbol (#) are comment lines and have no effect on the settings within the file.

# Disables register_globals for security reasons
register_globals = 'off'

Editing the .htaccess file
For Dedicated Website and Linux servers where PHP is running as an Apache module.

The .htaccess file is used to set Apache web server settings but can also be used to set PHP directives when used as a module. The settings in .htaccess file are recursive meaning that the settings within the .htaccess file will apply to all PHP files within the directory where it is saved as well as subdirectories. There is no default .htaccess file be default unless one was included with a web application install (such as Joomla, Wordpress, etc.). If not already created, you will have to create the .htaccess file using a text editor and save the file to the folder where the settings need to be applied.

Please note:
The dot (.) preceding the .htaccess file signifies it as a hidden file.

You may have to type

ls -lah

via the command line to see if the file exists as the ls command without options will not show the file in the listing.

Place the following two lines in your custom created php.ini file. Lines starting with a hash symbol (#) are comment lines and have no effect on the settings within the file.

# Disables register_globals for security reasons
php_value register_globals off
For additional information, you may want to reference: