
This may be a dumb question, but...

         

FourDegreez

3:33 am on Apr 21, 2005 (gmt 0)




What's the difference between referencing a posted value by using $_POST['somename'] versus simply $somename? I'd like to know what gets the best performance. And if you can just use $somename, why does every tutorial I've seen recommend using $_POST['somename']?

ironik

4:05 am on Apr 21, 2005 (gmt 0)




What you're referring to is 'register globals'. If it is turned on in the php.ini file then your superglobals like $_POST and $_GET are converted to simple variable names. While this might seem like a good idea, it poses a very high security risk to your PHP applications (most hosts disallow it; I don't know why there would be some out there with it still turned on).

Say you've got a variable you use to determine whether a user is logged on:

if ($user == 'admin')
{
[... do restricted stuff here ...]
} else if ($user == 'public') {
[... do normal stuff here ...]
}

That variable can then be hacked by someone entering mypage.php?user=admin

It's a very very simplistic example, but hopefully you get the idea why register globals is a bad idea. If your host still has it turned on, ask them politely to turn it off and write your code using $_POST and $_GET. Using those variable names also helps you distinguish in your code where the data is coming from.

FourDegreez

12:45 pm on Apr 21, 2005 (gmt 0)




If the malicious user wanted to, he could still create a dummy html form and submit the value that way, or if he is advanced he could create an http request with any headers he wants...

I'm not in need of any security anyway, and yes it does seem my host has this turned on. I'm mostly concerned with what performs better under a high volume.

Funny thing is, I had some pages written in Miva script which is quite an easy, simplistic language. I wanted to learn PHP and plus I heard PHP gets great performance, so I converted some of my Miva pages to PHP...pages that get high volume. As soon as I did that, my CPU usage shot way up. So now I'm trying to determine why PHP is such a dog when it comes to performance. I never considered Miva to be a very efficiently-performing language so I was actually expecting PHP to perform better.

Some stats, CPU usage per day (I'm estimating these off a graph):
March 30: 400 cycles
March 31: 600 cycles
April 1: 500 cycles
April 2: 500 cycles
April 3: 600 cycles
April 4: 2,200 cycles
April 5: 2,600 cycles
April 6: 2,500 cycles
April 7: 2,400 cycles
it continues like that...

My unique users for those days:
March 30: 6,195
March 31: 8,719
April 1: 7,699
April 2: 7,898
April 3: 10,145
April 4: 13,026
April 5: 11,930
April 6: 11,654
April 7: 11,456

So looking at the CPU utilization, what changed on April 4th? That's the day I switched a few major scripts from Miva script over to PHP. Most of my traffic goes through these couple of scripts. If you look at my traffic, yes it increased by maybe 60 percent or so... But my CPU utilization shot up by some 500%, and the day it jumped dramatically was the day I switched to PHP.

Now I don't know whether I should continue using this language. =(

My host is going to start to get pissed if I keep this up.

mcibor

9:04 pm on Apr 21, 2005 (gmt 0)




I don't know about Miva, but I know that PHP, and especially MySQL, uses 100% CPU. That is done to make the page appear faster and so that the users don't have to wait for a page to load.

As for registered globals, they should be turned off. The best thing to explain would be login:

Here is some form with
<input type="text" name="user">
<input type="password" name="pass">

The login page:
if(($_POST["user"] == "username") && ($_POST["pass"] == "password for that user")) $auth = true;
else $auth = false;

Without globals registered there isn't any threat to your site, even from malicious forms or HTML headers.

Moreover, using $_POST and $_GET is faster, because the server doesn't have to translate all the stuff to globals. And think what would happen if you set $_POST['user'], $_GET['user'] and $_COOKIE['user']. Which of these values would you have? I don't think it would be the desired one.

Best regards
Michal Cibor
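
The two points raised in this thread (a request parameter landing in $user, and the same name arriving via GET, POST and cookie at once), as an added example that is not part of any post above. register_globals was removed in PHP 5.4, so its effect is emulated here with extract(); the function names, the sample request arrays and the use of a session array for the hardened check are assumptions made for illustration.

```php
<?php
// Added illustration; the request arrays below are constructed sample input.
// register_globals no longer exists (removed in PHP 5.4), so its effect is
// emulated with extract(), importing sources in G, P, C order.

/** Emulates register_globals: the flat variable table the script would see. */
function emulate_register_globals(array $get, array $post, array $cookie): array
{
    $vars = [];
    foreach ([$get, $post, $cookie] as $source) {
        // Later sources overwrite earlier ones with the same name.
        $vars = array_merge($vars, $source);
    }
    return $vars;
}

/** Weak pattern: trusts whatever variable named $user ended up in scope. */
function is_admin_with_globals(array $get, array $post, array $cookie): bool
{
    extract(emulate_register_globals($get, $post, $cookie));
    return isset($user) && $user == 'admin';
}

/** Hardened pattern: identity is read only from server-side session state. */
function is_admin_from_session(array $session): bool
{
    return isset($session['user']) && $session['user'] === 'admin';
}

// Constructed request: the server knows this visitor as 'public',
// but the query string carries user=admin.
$get     = ['user' => 'admin'];
$post    = [];
$cookie  = [];
$session = ['user' => 'public'];

var_dump(is_admin_with_globals($get, $post, $cookie)); // request input decides
var_dump(is_admin_from_session($session));             // server state decides

// Same name in all three sources: only the last one imported survives.
$seen = emulate_register_globals(
    ['user' => 'from_get'], ['user' => 'from_post'], ['user' => 'from_cookie']
);
var_dump($seen['user']);
```

Reading $_POST['user'] explicitly removes the ambiguity about which source a value came from, but the value is still client-supplied; the authorization decision in the hardened function rests on state the server set itself.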