The register_globals parameter in PHP is the difference between OFF and ON (register_globals USES details)

The value of register_globals can be set to: On or Off. Let's take a piece of code to describe the difference between them.
Code:

 
<form name="frmTest" id="frmTest" action="URL"> 
<input type="text" name="user_name" id="user_name"> 
<input type="password" name="user_pass" id="user_pass"> 
<input type="submit" value="login"> 
</form> 

When register_globals=Off, the next program should receive the passed value with $_GET['user_name'] and $_GET['user_pass']. (note: when < form > $_POST['user_name'] and $_POST['user_pass'])

When register_globals=On, the next program can accept the value directly using $user_name and $user_pass.

As the name implies, register_globals means to register as a global variable, so when On is used, the passed value will be registered directly as a global variable, while when Off is used, we need to go to a specific array to get it. So, those of you with the above problem of not getting the value should first check to see if your register_globals Settings match the way you got the value. (you can view it using the phpinfo() function or directly view php.ini)

So why do we use Off? There are two reasons:
1. Off is used by default in new versions after php. Although you can set it to On, compatibility of your code becomes a big problem when you can't control the server, so you'd better start programming in Off style from now on
2. Here are two articles about why Off is used instead of On

http://www.php.net/manual/en/security.registerglobals.php

Another question is, what about the large number of scripts written in the On style?
If your previous scripts were well planned, there is a common include file, such as config.inc.php1, and in this file add the following code to simulate 1.
Code:

 
<?php 
if ( !ini_get('register_globals') ) 
{ 
extract($_POST); 
extract($_GET); 
extract($_SERVER); 
extract($_FILES); 
extract($_ENV); 
extract($_COOKIE); 

if ( isset($_SESSION) ) 
{ 
extract($_SESSION); 
} 
} 
?> 

The case of register_globals = Off not only affects how to get from < form > , url data, also affect session, cookie, corresponding, session, cookie should be: $_SESSION[], $_COOKIE. At the same time, there are some changes in the processing of session. For example, session_register() is unnecessary and invalid. For specific changes, please refer to Session handling functions in php manual

The content in the middle of $_REQUEST actually comes from $_GET $_POST $_COOKIE. The disadvantage is that it is impossible to determine whether the variable comes from get post or cookie, which is not suitable for situations with strict requirements.