Global variables

jaddy

hi,
What are global variables?
I know that they are declared inside the function so they can be used inside the function, but:

What is the benefit of this?
What are their advantages and the dis-advantages?
I hear that they are unsecure? How?

Thx

jburfield

Global Variables are a few things...

If you have REGISTER_GLOBALS turned ON in your php.ini file, then you will be able to pass values from a form to a page using only $form_text_box_name type of code...

With register_globals turned off you need to do: $_POST["form_text_box_name"];

In functions, if a variable is marked as GLOBAL, it means that code in your page OUTSIDE of the function can use this variable.

So, if you had:

function(name) {
global "$fname";
$fname="Dylan";
}

You could call $fname elsewhere in the page and it would return the value of 'Dylan', even though it is not inside of your function.

This can be an advantage when you want to keep your code concise and use functions for particular areas yet still have the variable accessible.

One of the big insecure parts of have things be GLOBAL, especially REGISTER_GLOBALS turned on, is that someone can pass a variable to your script simply by adding it to the URL as in : http://www.yourserver.com/page.php?sql="xxxxx"

-- Jason

[deleted]

True globals do not exist in PHP.

Globals are 'good' because you can access them anywhere in your code.

But that also means they are bad because you can change them anywhere in your code.

PHP is a procedural language, which means there is no predefined flow. The program jumps from here to there and back. If you use globals to send data from function to function, you quickly lose track of which function changed which global variable.

So save yourself a lot of trouble and never use globals.

The only 'global' that doesn't give you much trouble is a constant. That can be used everywhere in your script, but it cannot be changed anywhere. Those are safe.