register_globals is the one PHP directive that absolutely must be switched off on your server.

If it is on, it is first of all a general security liability, and second, it can cause a number of problems with software coded for register_globals off --- such as the all the odd issues that arose after the recent security patch. Please turn register_globals off in your php.ini file, or ask your host to do it.

You should not use software that requires you to keep register_globals on. It has been deprecated since PHP 5.3.0, and will be entirely removed in PHP 6.0.0. To know if register_globals is on on your server, download the phpinfo script and upload it to your server, then open it in your browser and search for register_globals in the output; it will be "On" or "Off". If it's on, do whatever it takes to turn it off.

This is how you verify whether it's on or off:

It is best to turn this directive off in your actual php.ini file. If you cannot do that, you can add the following directive into your .htaccess file:

php_flag register_globals off

Depending on your host, the following may also work / be the preferred directive:

php_value register_globals 0

You may also be able to upload a php.ini file with the right directive into your root public_html folder --- but not all hosts support either of these overrides.

If you or your hosting provider are unable to turn register_globals off, you can fix the issue by sticking any one of the alternative solutions at PHP.Net (linked above) into the beginning of your index.php file --- right after session_start(). (This is not officially supported however.)