Hi I need someone to confirm my understanding is true When register_globals is OFF, if I have a field named "address" in my form, I can access to the input by $_POST['address'] or $_GET etc Is that correct? Thank you
$_GET and $_POST are what are called "super globals". Whether you have them available depends on your setting for "variables_order". There are a few more super globals named $_SERVER, $_ENV (environment) and $_COOKIE. The value for variables_order when you want all of them to be available will be something like "EGPCS" where each letter corresponds to the first letter of the super global it is for. If variables_order is missing the letter for a super global, that super global will not be available. For instance, if variables_order is "EPCS" then $_GET would not exist and you wouldn't be able to access variables from the querystring using $_GET. Now, where register_globals comes in to play, is that instead of or in addition to placing variables in to super globals, or the legacy "long arrays" such as $HTTP_GET_VARS, when register_globals is true or on, variables that correspond to the indexes of the super globals will be created. For instance, if you have a querystring variable "?var=1" you would have $_GET['var']=1 as well as $var=1. With register_globals being off/false you would not have $var=1 but you would have $_GET['var']=1 assuming variables_order allows for it.
It's also a big security issue since it could enable a user to inject variables into your codebase. It's being ditched in PHP6 so it tends to be always set to false now - or at least your code should be developed to allow for that. The answer to your original question: Yes.