[SOLVED] Quick Variable Function question

[Eggzorcist]

In my script I made a quick function which secures the inputed variable like this.

function secure_var($var){

$var = mysql_real_escape_string(htmlentities($var));

}

 

I have a quick question of something I'm unsure of. To use a variable like this one. Should I be doing...

<?php

$var = secure_var($var)

// or would this just work?


secure_var($var)

?>

 

I will be retrieving the variable like "$var" I think the first option is best but I'm unsure of the right way of doing this.

 

 

Thanks

 

 

 

 

[Alex]

To get a value from a function you use return:

 

function secure_var($var){

return mysql_real_escape_string(htmlentities($var));
}
$var = 'something...';
$var = secure_var($var);

[.josh]

to expand... functions have their own scope, so if you do this:

function secure_var($var){

   $var = mysql_real_escape_string(htmlentities($var));
   
}

$var = "something";
secure_var($var);

 

your function is going to do its thing on its own copy of $var, and nothing will happen with your $var.  So you have to either return it, pass it by reference, or declare it as global inside your function. 

 

example of global:

function secure_var($x){
   global $var;
   $var = mysql_real_escape_string(htmlentities($x));
   
}

$var = "something";
secure_var($var);

 

passing by reference:

function secure_var(&$var){

   $var = mysql_real_escape_string(htmlentities($var));
   
}
$var = "something";
secure_var($var);

 

Best practice is to return assign the function to the value and return the results inside the function (as detailed by AlexWD's post), because one of the points of functions is that they have their own scope.