What it's doing is unsetting any variables which also exist in POST/GET.
So say you have this...
GET page.php?foo=bar
If you have register_globals on, you can write your script like this:
And it'll print "bar" to the screen. If you have register_globals off, it'll print nothing, because you need to use $_GET['foo'].
The PHP in your post is useful if people can't use .htaccess files to turn off register_globals:
Code:
php_flag register_globals Off
The $key => $value method is a way of accessing parts of the array in a foreach() loop.
Say you set an array up like this....
Code:
$array = array("a" => "foo", "b" => "bar);
That's setting the key of the array to "a" and the value of that entry to "foo", and the same for the second part. So in the foreach() you can say:
Code:
foreach($array as $key => $value){
echo "I am at part $key of the array which has the value $value";
}
Which would print to the screen:
"I am at part a of the array which has the value foo" (and then do the same for part b as foreach() does what it says on the tin).
The double-dollar is the cool part. Variable variables! They
take the value of the variable and use it as the name of the variable. In English, actually, the
PHP manual explains it better than I could.
So after having read that, you'll see that it's taking the
name of the variable's key as the name of a variable and un-setting it (ie giving it no value).
This is un-doing register_globals because register_globals creates variables and gives them the value sent through GET or POST.
So in a nutshell it's saying "for each variable which was passed by get or post, set its value to nothing" - so if you have register_globals on
and[/i] run those two lines of code then you'll still need to use $_GET['foo'] to access the variable, because register_globals has been reversed
/sore fingers