FATAL ERROR: register_globals is disabled in php.ini, please enable it!

21Nov2007 Filed under: Tips and Tricks Author: Kitkat

Should you want to join Kongtechnology.com, please read here.

My job involves a certain amount of programming and sometimes when the odd strikes a little tiny bit of web design. Today, a friend called up and asked me to check his website which shows “FATAL ERROR: register_globals is disabled in php.ini, please enable it!” error message on his OSCommerce powered storefront. That happens all of a sudden according to him…

Fatal error

I told him not to panic as the solution is pretty simple.

Do a .htaccess file and put the following line in it. Upload it to the server and all should be well again.

php_value register_globals 1

That blardy friend didn’t know how to do it and I have to help him with that. Helped him and his is all smiles again!

Just want to put here to share with you all should you run into the same problem. I think the likely cause is his server setting has somehow changed, perhaps by the hosting company who decided to turn off register_global for security reasons.

Share this story with the world:

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “FATAL ERROR: register_globals is disabled in php.ini, please enable it!”

Ah Yuen
November 21st, 2007 at 9:50 pm

Hoho. I know why it is disabled. register_global is recommended to be disabled because it is easy to hack a php site which install and use the open source script.

Say for example the follow code.

$user=”normaluser”;
include(“update.php”);

——————————-
file update.php

$sql=”UPDATE user set password=$password where user=’$user’”;
….
….
————————-
So, since it is a open source script, hacker knows how the code looks like and can call the script directly. eg. http://yourdomain.com/update.php?user=admin&password=hacker

this way, the password of admin changed to “hacker”. If register_global is disabled, method above will not work.

Just my 2 cents.
KennyP
November 22nd, 2007 at 12:31 am

Ah Yuen is teaching us how to hack, thank you
Kitkat
November 22nd, 2007 at 2:30 am

Ah Yuen,
Thanks for the reminder. I totally understand, newer versions of those open source scripts should be updated to work with register_globals turned off. It’s a hugh security risk to run with register_globals turned on with php.ini or .htaccess.

KennyP,
You wanna try that on people you don’t like? Who?… Liucf?
John Motson
November 22nd, 2007 at 6:35 am

Hi Kong,

Check out the linkbait I did to get on Shoemoney.com

Linkbait

Cheers,
John
CSS Gallery
February 27th, 2009 at 11:26 am

This is funny, I just had to do this on my Godaddy virtual dedicated server last night. I had to download putty, connect via ssh, navigate to /etc and edit the php.inin using VI. I was not familiar with this process and it was a pain in the butt. I also had to restart httpd for it to take effect. What a pain…