I don’t do that much work with php these days, but I still have a few sites that I use it for. The problem is that a lot of these sites are still relying on register_globals working. That means that instead of $_GET[name], $_POST[name], $_SESSION[name] etc., you could just use $name. This was pretty easy, but it did cause a lot of security problems.
By default, php has register_globals disabled on new installs these days, and it will actually be completely removed in php6, but for the moment, I needed a workaround. Now, I’m no expert on all the different configurations of php running on various web servers (apache, IIS etc), but if you have one where you can do this, it is fairly easy to turn register_globals on, or alternatively, if it is on, you could possibly use this to turn it off.
Simply, create a file called php.ini in your http root, and put the following text in it…
register_globals = On;
That should do it, as long as your configuration allows it!