Jump to content

Recommended Posts

<?php

function ab()

{

    global $a;

    $a=2+2;

}

 

ab();

echo $a;

?>

 

what could be the contexts that a global variable can be wrongfully used?

My concern of a global variable is that it may get changed almost anywhere in different php files and will be hard to track.

Well making a variable global, when it should be passed as a parameter is one of the contexts. In a function like the above, I would pass $a as a parameter since it is required.

 

Given what you stated, that any file can change what the value might be, sounds like a poor design. You should really use unique variable names and keep them inline so you are not guessing what is being passed.

 

With that example, you would be using them in the wrong context, that is my outlook at least.

<?php

 

$module = array("Staff","Project");

$modeofaction = array("create","copy","edit");

 

$m="";

$ma="";

 

for($i=0;$i<count($module);$i++)

{

$m = $module[$i];

for($j=0;$j<count($modeofaction);$j++)

{

$ma = $modeofaction[$j];

editable_form();

}

}

 

function editable_form()

{

global $m;

global $ma;

 

if($ma=="create")

{

$editable_title = "New $m";

$editable_message = "Please enter the $m data";

$editable_action = $ma;

$editable_nextAction = "confirmNewInstance";

}

else if($ma=="copy")

{

$editable_title = "Copying $m";

$editable_message = "Please modify the $m data";

$editable_action = $ma;

$editable_nextAction = "confirmCopy";

}

else if($ma=="edit")

{

$editable_title = "Edit $m";

$editable_message = "Please edit the $m data";

$editable_action = $ma;

$editable_nextAction = "confirmEdit";

}

 

if (!file_exists("src2"))

mkdir("src2");

 

$myFile = "src2/".$ma.$m."View.php";

$fh = fopen($myFile, 'w') or die("can't open file");

//editable details.........

fclose($fh);

 

}

 

?>

 

This is my script. Why should I pass in as a parameter when it can be declared global? From the scripts I googled, global variables are used the way I coded it. Have I missed out on any implications that a global variable might cause problems?

...turn it on?  ;)

 

Wow dude. That is the worst advice ever.

 

Do not turn on register_globals. Horrible horrible advice. This is being removed in PHP 6 and is depreciated in PHP 5  and turned off by default as of PHP 4.2 (thanks pf) due to security issues.

 

register_globals read there for more information on the security risks etc.

 

EDIT:

This is my script. Why should I pass in as a parameter when it can be declared global? From the scripts I googled, global variables are used the way I coded it. Have I missed out on any implications that a global variable might cause problems?

 

Just because a script is on google does not mean it is coded correct.

 

You should pass that in as a parameter, because it is A the same amount of code or less, and B that way you know what is being passed and you are not second guessing whether that is being changed by another script. Read up on function do not be afraid to pass something as a parameter, that is what functions are meant to do.

I have turned it on and ran the code again. Does it have a difference?

 

Not in the sense you are using it. I highly suggest turning it off.

 

Register_globals takes data such as $_GET, $_POST and session and cookies and instead of them being an array they are now $variable. This is bad because most people do not fully understand that if you have a session that contains "loggedin" and if that value is true the user is logged in. Given that without proper checks, anyone can pass $loggedin via Get and be considered logged in.

 

That is the short version, do not turn it on. Leave it off. This has nothing to do with your question.

I have turned it on and ran the code again. Does it have a difference?

 

Not in the sense you are using it. I highly suggest turning it off.

 

Register_globals takes data such as $_GET, $_POST and session and cookies and instead of them being an array they are now $variable. This is bad because most people do not fully understand that if you have a session that contains "loggedin" and if that value is true the user is logged in. Given that without proper checks, anyone can pass $loggedin via Get and be considered logged in.

 

That is the short version, do not turn it on. Leave it off. This has nothing to do with your question.

 

Agreed, and if you absolutely have to use it, place a .htaccess file in the main directory of your domain to enable it so that it's not enabled server wide.  If you're on a shared account and don't have control of those settings that's the easiest solution.  But use it as a temporary one until you convert your code over.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.