I am not sure whether this would be good to be marked as community wiki, but anyway:
Is there an easy way to kill the register_globals? I'm working on a PHP Framework and right now, I just set the script to terminate if register_globals is On. Although I prefer to force people to disable it, there are servers that still have that on.
I know that in PHP 5.3.0 register_globals is deprecated and in PHP 6 it will be completely removed, but it is always a good thing to deal with it while it is still here.
I saw some ways, and I'm currently thinking on using this:
$temp = array_merge($_GET, $_POST, $_COOKIE); foreach($temp as $k => $v) { if(isset($$k)) unset($$k); }
There are some problems over here, though. It is resource incentive, specially when there's a lot of input data. I am not sure whether disabling it on runtime would work, for example:
ini_set('register_globals', 'Off')
Is there a better way that I haven't heard of to get rid of register_globals? Thanks.