Register Globals

PHP automatically creates global variables containing data from a variety of external sources EGPCS (Environment, GET, POST, Cookie, Server).register_globals setting in PHP's configuration file (php.ini)(which can be either On or Off) tells whether or not to register the contents of the EGPCS variables as global variables.

Example 1:
To start a session use session_start() and to register a variable in this session use the $_SESSION array.

<?php
session_start();
$_SESSION['my_var'] = 'Hello World';
?>
If register_globals is enabled then your session variables will be available as normal variables on subsequent pages.
<?php
session_start();
echo $my_var;
?>
And If register_globals is enabled, then it will only be in the $_SESSION array.
<?php
session_start();
echo $_SESSION['my_var'];
?>


Example 2:

If register_globals is on, the url http://www.testdomain.com/test.php?id=3 will declare $id as a global variable with no code required.

Note : This feature is a great security risk, and you should ensure that register_globals is Off for all scripts (as of PHP 4.2.0 this is the default).