Hello Guys , Since 2002 the php servers was register_globals (on) but now for a security reasons it become register_globals (off) So the php scripts with an old coding style was mainly dependedon register_globals to be (on) as my website So, in order to pass that problem must make a small changes at some varibles add at config.php or conn.php wtever if ( phpversion() >= "4.2.0"){ extract($_POST); extract($_GET); extract($_SERVER); Code (markup): or foreach( $_REQUEST as $key => $value ){ $$key = $value; Code (markup): HERE COMES THE PROBLEM I've tried all and works fine but at member login problem still on the line i don't know wt variables should i change so please help me with the following code if you have an idea about the problem of register_globals here is the code <? session_start(); require "config.inc.php"; require "functions.inc.php"; $login_id = $HTTP_POST_VARS['login_id']; $password = $HTTP_POST_VARS['password']; $sql= "select * from users where username='$login_id' and password='$password'"; $result=executeQuery($sql); if($line=mysql_fetch_array($result)) { //$msg= "Login Successful"; session_register("login_id"); //session_register('msg'); header("Location: index.php "); exit; } else { $msg= "Please check your login informations"; session_register('msg'); header("Location: login_frm.php "); exit; } ?> Code (markup):
Unfortunately everything you're doing is wrong. 1) Checking PHP version doesn't tell you whether register_globals is on. Instead use ini_get() to find out. 2) Don't extract() $_POST etc. That just repeats the security problem that led to PHP's creators making the change. Instead, fix your code so that it looks directly at $_REQUEST or whatever. Otherwise your script will be vulnerable to all sorts of attacks that will take you more time to find than just fixing it properly.