Register Globals and other PHP settings | HostGator Support
  1. Knowledge Base
  2. >
  3. Results
  4. >
  5. Register Globals and other PHP settings

Register Globals and other PHP settings


Register Globals

Due to serious security concerns, the register globals feature has been deprecated as of PHP 5.3.0 and removed as of PHP 5.4.0. The information covering register globals below applies to earlier versions of PHP only.

To turn register globals off, you will need to change the settings in the php.ini file to:

register_globals = Off 

Note the upper case letter O in Off.

This will prevent PHP from automatically turning any value in the URL into a variable. That's a good thing because it means that hackers cannot try to insert anything they want into your code simply by inserting it into your URL. Well written code should be validating the variables anyway, but this provides extra security in case the script does not validate variables properly or if the validation is buggy.


Other PHP Settings

The same steps apply to all other php settings available in the php.ini file (e.g. auto_append, allow_url_fopen).


Recommendations for Modifying php.ini

It is recommended that you modify the existing default php.ini file in your home directory, if one exists. If not, we can upload a pre-made php.ini file for you which you may change as needed.

If you need a php.ini file for your account, please contact us via phone or chat. We are glad to create a complete file for you.

Instead of having us create and setup the php.ini file for you, you can place your php.ini file in your Home Directory (/home/username/) yourself and then add this code to your primary .htaccess (/home/username/public_html/.htaccess).

Be sure to replace "username" with your actual cPanel user name.

<IfModule mod_suphp.c>

suPHP_ConfigPath /home/username

<Files php.ini>

order allow,deny

deny from all


NOTE: HostGator cannot know why you want nor need to change this setting - we can only show you where to make the change. HostGator is unable to provide assistance with custom coding and strongly recommends getting the advice of your web designer or the developer of your script before proceeding.