Simple security question - setting globals within functions/classes


Anti-Moronic

So I have a function. Let's say:

<?php

function cleanfield($field){

  global $badfeed;

  if(empty($field)){
    $badfeed[]= "This field is required.";
  }else{
    return $field;
  }

}

?>

Then in my code, I use:

<?php

$field = cleanfield($_POST['somefield']);

if(!$badfeed){
  //perform database queries
}

?>

NOTE: this is NOT my whole function, I have just rewritten a very simple example for the sake of simplicity.

My obvious intent here is to register a badfeed in case of bad input and recognize that a badfeed exists. If no badfeed exists, then no bad input exists (determined by my own filtering).

But I have registered badfeed as a global, so it can now be accessed as such. Could somebody potentially return a NULL on that global and thus bypass my check?

Finally, is there a way to make a variable only available to the script, and not through globals?

Any help is greatly appreciated.

I used to do that but it requires too much management across pages. Setting and destroying sessions or unsetting certain elements. This is the source of my error reporting so there's too much to handle sometimes.

I may even be missing something fundamental about PHP. How could somebody unset the global $badfeed between the creation of it, and the checking, when they are within the same script? Would this even be possible?
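
One way to keep the error list out of global scope, as an added example that is not part of the original posts: the class name FieldValidator and its methods are hypothetical, and PHP 7.4 or later is assumed. The error state lives in a private property that starts empty on every request, so the check before the database queries does not depend on any global variable.

```php
<?php
declare(strict_types=1);

// Hypothetical replacement for cleanfield(): errors are kept in a private
// property, so code outside this object cannot reset or pre-fill them.
final class FieldValidator
{
    /** @var array<string,string> error messages keyed by field name */
    private array $errors = [];

    // Returns the trimmed value, or null after recording an error.
    // Unlike empty(), the string "0" is accepted as a value.
    public function required(array $input, string $name): ?string
    {
        $value = $input[$name] ?? null;
        // Missing keys and array input (somefield[]=x) are rejected, not coerced.
        if (!is_string($value) || trim($value) === '') {
            $this->errors[$name] = 'This field is required.';
            return null;
        }
        return trim($value);
    }

    // True only when no call to required() recorded an error.
    public function passes(): bool
    {
        return $this->errors === [];
    }

    public function errors(): array
    {
        return $this->errors;
    }
}

// Constructed sample input standing in for $_POST.
$post = ['somefield' => '  hello ', 'other' => ''];

$validator = new FieldValidator();
$field = $validator->required($post, 'somefield');
$other = $validator->required($post, 'other');

if ($validator->passes()) {
    // perform database queries
} else {
    print_r($validator->errors());
}
```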
