Regarding global variables and security

webpoet

I´m going to build a private community which needs to be fairly secure. I´m still new to PHP tho and one thing that I can´t seem to decide on is whether it´s secure to use global variables.
Of course certain things such as session variables needs to be tested that they are truly submitted the correct way, but other than that I can´t really see any security concerns in using globals.

Can someone with experience please advice me on this ?

Thanx in advance.

ahundiak

Globals will be secure if you:
1. Work with register_globals=off which prevents submitted variables from being turned into globals.
OR
2. Make sure that ALL globals that you use are properly initialized. In other words, don't just do something like
if ($logged_in)
{
// Whatever
}
And assume that your code is setting the value of $logged_in. Initialize it up front.

Also, keep in mind that globals can make it harder to maintain your programs. It's sometimes difficult to figure out where they are being set.