Register Globals and other PHP settings

Register Globals

To turn register globals off, you will need to change the settings in the php.ini file to:

register_globals = Off

Note the upper case letter O in Off.

This prevents PHP from automatically turning any value in the URL into a variable. That's a good thing, because it means that hackers cannot insert anything they want into your code simply by adding it to your URL. Well-written code should validate its variables anyway, but this setting provides extra security in case a script does not validate variables properly or its validation is buggy.
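The difference between relying on the setting and initialising variables in the script, as an added example (not HostGator's code). The function names and the request array are constructed, and because register_globals was removed in PHP 5.4, `extract()` is used as a stand-in for what the setting did.

```php
<?php
// Added example, not HostGator's code. Function names and the request array
// are constructed. register_globals was removed in PHP 5.4, so extract()
// stands in for what the setting did before a script's first line ran.

function legacy_page(array $request, bool $loginOk, bool $registerGlobals): string
{
    if ($registerGlobals) {
        extract($request, EXTR_SKIP);   // request names become variables
    }
    if ($loginOk) {
        $authorized = true;             // set on success, never initialised
    }
    // With the setting on, $authorized may already hold a request value here.
    return !empty($authorized) ? 'members area' : 'login form';
}

function hardened_page(array $request, bool $loginOk, bool $registerGlobals): string
{
    if ($registerGlobals) {
        extract($request, EXTR_SKIP);
    }
    $authorized = false;                // explicit default replaces anything injected
    if ($loginOk) {
        $authorized = true;
    }
    return $authorized ? 'members area' : 'login form';
}

// Constructed request: one parameter shares its name with an internal variable.
// The login itself fails ($loginOk = false) in every case below.
$request = ['authorized' => '1'];

$cases = [
    'legacy script,   register_globals = On ' => legacy_page($request, false, true),
    'legacy script,   register_globals = Off' => legacy_page($request, false, false),
    'hardened script, register_globals = On ' => hardened_page($request, false, true),
];
foreach ($cases as $case => $outcome) {
    echo $case, ' => ', $outcome, PHP_EOL;
}
```

Only the uninitialised script running with the setting on lets the request decide the outcome, which is why the setting is a second layer of protection and not a replacement for initialising and validating variables.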

Other PHP Settings

The same steps apply to all other PHP settings (e.g. magic_quotes, auto_append, allow_url_fopen).

Recommendations for Modifying php.ini

It is recommended that you modify the existing default php.ini file in your home directory, if one exists. If not, we can upload a pre-made php.ini file for you, and you may change it as you need.

If you need a php.ini file for your account, please contact us via phone or live chat. We are glad to create a complete file for you.

Instead of having us create and set up the php.ini file for you, you can place your own php.ini file in your Home Directory (/home/username/) and then add this code to your primary .htaccess (/home/username/public_html/.htaccess).

Be sure to replace "username" with your actual cPanel user name.

<IfModule mod_suphp.c>
suPHP_ConfigPath /home/username
<Files php.ini>
order allow,deny
deny from all
</Files>
</IfModule>
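
One way to confirm that the php.ini placed by the steps above is the file PHP actually loads, printing only the values of interest instead of full phpinfo() output. This is an added example, not HostGator's code; the expected path is built from the article's /home/username placeholder and the function name is hypothetical.

```php
<?php
// Added example, not HostGator's code. Upload under a temporary name of your
// choice, load it once in a browser, then delete it.

$expectedIni = '/home/username/php.ini';   // article's path; replace "username"
$wanted = ['register_globals' => false, 'display_errors' => false];

function audit_php_settings(string $expectedIni, array $wanted): array
{
    $report = [];
    $loaded = php_ini_loaded_file();       // false when no php.ini was loaded
    $report[] = ($loaded === $expectedIni ? 'OK   ' : 'WARN ')
        . 'loaded php.ini: ' . ($loaded === false ? '(none)' : $loaded);

    foreach ($wanted as $name => $want) {
        $raw = ini_get($name);             // false when the directive does not exist
        if ($raw === false) {
            $report[] = "INFO $name is not a directive in PHP " . PHP_VERSION;
            continue;
        }
        // Values arrive as strings such as "", "0", "1", "On" or "Off".
        // Anything that is not a recognised "true" string is treated as Off.
        $actual = filter_var($raw, FILTER_VALIDATE_BOOLEAN);
        $report[] = ($actual === $want ? 'OK   ' : 'FAIL ')
            . $name . ' = ' . ($actual ? 'On' : 'Off');
    }
    return $report;
}

header('Content-Type: text/plain');
echo implode(PHP_EOL, audit_php_settings($expectedIni, $wanted)), PHP_EOL;
```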

NOTE: HostGator cannot know why you want or need to change this setting. You are changing this on the advice of your web designer or the developer of your script. HostGator can only show you where to make the change.


Article Comments

Adam
Unfortunately when FastCGI is enabled register_globals can be turned off. So it's a choice of fast or secure.

HostGator
That is true. When you enable fastcgi, your site will use our server's php.ini file. You will not be able to use a custom php.ini with register_globals = Off.

If you run phpinfo() and see "Loaded Configuration File /usr/local/lib/php.ini", then you are using our server settings with register_globals = On.

Pavel Alexeev
This recommendation works and this setting takes effect even for FastCGI PHP (according to phpinfo).
But this php.ini is ignored for subfolders! Of course I can symlink it to one, two, three directories... But how do I make php.ini descend from the site root directory to any other directory in it?

HostGator
Place your php.ini file in your Home Directory (/home/username/) and then add this code to your primary .htaccess (/home/username/public_html/.htaccess). Be sure to replace "username" with your actual cPanel user name.

<IfModule mod_suphp.c>
suPHP_ConfigPath /home/username
<Files php.ini>
order allow,deny
deny from all
</Files>
</IfModule>

Andriy
Thanks for support. This rocks! It has just solved the issue on Drupal installation.

Andriy
This also works for a Joomla installation. I had to turn off ‘display_errors’ and ‘register_globals’. The only problem was that I saw the change for ‘display_errors Off’ and ‘register_globals Off’ only on info.php with a phpinfo(); script in it. But I could not see any changes on the Joomla installation page itself. I used to see these changes while working on a local machine with Wamp after a restart of Apache. Maybe this is the case. So, it works guys, but you have to check it using info.php

Chris Dillon
If my Drupal installation is not in my home directory, should the php.ini and .htaccess modification be in the home directory or in the Drupal installation directory?

HostGator
If your site is saved outside of public_html, then you need to put the php.ini and .htaccess files outside of public_html (or inside the drupal folder, either way).

levwii
BINGo! :) .. i did this...[i'm using Joomla!]
.. as told .. i made a php.ini file and placed it in the Home Directory (/home/username/) .. with..

register_globals = Off
display_errors = off

....and added the code:

<IfModule mod_suphp.c>
suPHP_ConfigPath /home/username
<Files php.ini>
order allow,deny
deny from all
</Files>
</IfModule>

..to your primary .htaccess (/home/username/public_html/.htaccess). Be sure to replace "username" with your actual cPanel user name.

.. it worked.. i can see the correct 'Green' texts on the Joomla! Installation screen!.. :) Hurray it worked.. thanks..
*i just put this here because.. i was wondering what to do with 'display errors'.. as i didn't add that earlier to the php.ini file!.. LOL

thx HostGator!.. great day!

Tim
Thanks Hostgator and levwii for making this so easy on me!

Matt
It looks as if HostGator is doing the suggestions in the comments here for us now. In cPanel, if you enable the customize php.ini option, any changes you make will create a new complete php.ini file in your root along with the htaccess file.

Allan
Thanks Hostgator, and thread - Moodle now not showing RED - needed globals OFF in php.ini. My problem was that I had been using TextEdit (Mac) and I guess that it added in extra characters.

Syed
I did use the suggestions by HostGator above - with one modification.

I had a php-package installed on a subdomain that was giving me the errors (the primary domain - www - was working fine).

When I had placed the code in the 'main' .htaccess file (root directory), it resolved the subdomain issue, but gave me an error on the main website. Therefore, I created another .htaccess file in the subdirectory root, placed the php.ini file there as well and with that, it made both domains (primary & subdomain) work perfectly fine.

the only change to the code was changing the line:
suPHP_ConfigPath /home/username

to:
suPHP_ConfigPath /home/username/public_html/subdirectoryname

It resolved the issue for me, maybe it'll be helpful for anybody else :)

WisTex
You can also make the changes via the cPanel by doing this:

1. Logging into your cPanel.
2. Click on php.ini QuickConfig
3. Enable QuickConfig (if not already enabled)
4. Click "Off" next to register_globals
5. Click Save Changes.

Joη
For drupal 7 users:

Hostgator Staff's Jan 18th reply, with the addition of

extension="pdo.so"
extension="pdo_mysql.so"

BEFORE the register_globals line in php.ini appears to remove the error seen on the admin report page.

I found this information here:
http://drupal.org/node/1036110

raiderj
Thanks for the posts! I followed levwii's instructions, but added in Jon's info to the php.ini file for Drupal 7. Works great!

Vedran
@WisTex... This tip was more than helpful... It certainly helps with the web access from public comp only :).

Cheers mate

Bilal
Thanks for the info. This was very helpful

stegastock
Wow. Works great for my Market place website

HostGator
Thank you for your comments. Just a quick reminder that the comments on this page are not monitored by technical support staff, and that for support issues, it is best to contact us by live chat, phone or email so we can assist you right away.

Although comments are not monitored by technical support staff, they are moderated and read by technical writers. Comments will need to be approved by a moderator before appearing.

Our technical writers do read the comments periodically for the purposes of updating the articles, and do appreciate your feedback, suggestions and corrections to the articles themselves, as well as any suggestions or tips for readers of this article. However, support questions posted here are not guaranteed to be replied to in a timely manner or at all. For support issues, it is best to contact our support staff instead by live chat, email or phone.


