DO NOT attempt to implement register_globals
, it is a massive security hole and never should have been implemented in the first place. Hence why it was deprecated in PHP 5.3 and removed in PHP 5.4.
You don't need to re-assign your variables, just replace them with the $_GET
equivalents. I.E.
if($pID==1) include('content1.php');
should become
if($_GET['pID']==1) include('content1.php');
To demonstrate why register_globals
was bad, take a look at this simplified example:
if(login_success('admin')) {
$admin = 1;
}
if($admin == 1) {
require('super-secret-admin-file.php');
}
Because $admin
is never initialized anywhere, if register_globals
was on and you opened file.php?admin=1
you would gain access to the admin section of the site regardless of if you are an admin or not.