The issue: register_globals is still used in many applications and even for developing
- Pollutes the global namespace.
- Can overwrite not properly initialized variables.
The solution: Turn off register_globals in development and production environments.
- Workarounds could overwrite global variables before PHP 4.4.1 and PHP 5.0.5
- Still possible with own importing mechanisms.
- Fixed in extract() and import_request_variables().
register_globals and magic_quotes will be removen in PHP 6