register_globals http://www.php.net/manual/en/security.r ... lobals.php
turning both of them on is basically for lasy programmers who would rather have thier scripts functional rather than being safe.
if register_globals is turned on
an undefined variable $variable can be defined in the url http://blah.com/index.php?vairable=foobar
if register_globals is turned off the undifined variable would be null and the parameter defined in the url would reside in the $_GET['variable'].
get what I mean?