How to enable register_globals for a single website without putting the entire server security at risk?
Web servers configured with security in mind have PHP register_globals disabled from within PHP.ini. This affects the entire server. If are you trying to install osCommerce or another Fantastico script you are sometimes getting the error message shown below:
register_globals is disabled in php.ini, please enable it!
This error messages points to a problem with a specific script on a web hosting account. Fortunately register_globals can be turned on per domain. Please follow the instructions below to fix this issue.
- Go to your control panel and then click on File manager.
- In your file manager, enter the public_html folder.
- In the public_html folder you will see a file called .htaccess.
- Select the .htaccess file and click on edit in the upper right hand corner.
- Copy and paste the text line shown below at the bottom of .htaccess file and then save it:
php_value register_globals 1
This will turn your register_globals on and your script will work properly. Why is register_globals disabled in the first place? Leaving register_globals turned on poses a security risk for an entire web server. It should therefore only be enable on a case by case situation and only per website. Web Developers should no longer develop scripts that require register_globals to be turned on. Unfortunately this is very difficult to enforce.
Related posts:
- Q&D Folder Restriction (security)
- What is .htaccess and how is it being used?
- Apache HTTP Web server configuration Tutorial
- Configuring Basic Cisco Router Security
- Poor Man’s Version of Server Security
- CHMOD – Understanding File Permissions on a Unix-Based Server
- How to remove or disable mod_evasive from Apache Web Server?


