making variables visible out of functions

morpheusoptic

I posted earlier this week about the if else, else if statements and finally figured out how to make it work... Thank you everyone who helped. Now I have another question!

For anybody who didn't read my last thread, I am creating a free classifieds section on my website where users can freely post and edit an ad of something they are wishing to sell. I have a user registration page (sell.php) which is three pages long, all called from functions in another php file.

I am trying to post all the information from the forms into the database however nothing is being added. I did some echo commands on my variables and found out they are not visible from page to page,

How can I make a variable, that I created in a function, visible anywhere in sell.php so that other functions, such as the database inserter script can view them?

I'll give you an example below of how the variables are defined in the functions. This is a snippet of code from the file fns.php included in sell.php.

<?php
function sellerad2()
{
// create variables for every field in the form on page 2
  $usremail = $_POST['email'];
  $username = $_POST['username'];
  $password = $_POST['password'];
  $firstname = $_POST['firstname'];
  $lastname = $_POST['lastname'];
  $pagenum = $_POST['pagenum'];  // Used to tell sell.php what page it is on.
  $useridtag = '1Zx54';  

// variables for page 2 created
?>
<form action="sell.php" method="post">
User Information<br>
<br>
Email Address: <input type="text" name="email"><br>
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<br>
Personal Information<br>
<br>
First Name: <input type="text" name="firstname"><br>
Last Name: <input type="text" name="lastname"><br>
<br>

<input type='submit' value='Continue'>
<input type="hidden" name="pagenum" value="pg3">
</form>
<?php
}

Also, what is wierd is the variable $pagenum seems to be visible from anywhere in the script, but the others are not.

I appreciate your help, Thanks in advance.

Paul

rehfeld

variable created inside functions ONLY exist inside the function.

you can pass the variable value back outside the function if you need to using return. note that return immediately exits the function, so you can only return from a function once


function foo() {
    $foo = 'i am foo';
    return $foo;
}

$foo = foo();
echo $foo;

please read
http://www.php.net/functions
http://www.php.net/manual/en/language.variables.scope.php

morpheusoptic

rehfeld, thank you for posting so fast.

I was doing a little research on php.net before your post and did come across what you suggested, however I don't think that will work for my particular situation, seeing that return exits from the function immediatley.

What I need is when the user fills out the form and all the form fields are put into variables, those variables need to be visible outside that function to the function that will insert them into the database. At this point, I am dealing with one function needing access to the data from variables in another function.

How can this be done? I know I could use hidden form fields, however that is not as safe as I would like it to be. Also, if in the future I decided to implement a fee for posting ads and a user submits a ccard number, It has to be more secure than hidden form fields, even though it would be on an SSL server.

I know in c++, variables are visible everywhere, unless you define them to be local, in php it seems it is completely opposite.

I really don't understand how global variables in php work, however if there is a way to turn the variables in the function to a global variable that can be viewed anywhere, please tell me how. Also, all variables are filled in from the POST command on the form. Ex: $firstname = $_POST['firstname']; so I don't know if that will effect it if I made it global somehow.

Thanks again in advance,
Paul

rehfeld

you should define the variables outside of the function, then pass the values into the function so it can use them too.

if you dont want to pass the values into the function, you can use the global statement inside the function itself, see the links i posted for more info on that. the global statement kinda allows you to mimic how things work in c++

but in the function you posted, i see no reason why you even need to even have those variables available inside the function, because you never use them

as far as having data persit from page to page, use sessions for that.

php.net/session

jannoy

if you want to use a variable accessible to all functions and you dont want to use hidden fields.

for me there are two ways
1. use cookies
2. use sessions

in that case all my variables will be accessible to all my functions

Roger_Ramjet

Several ways to make the post vars global

Try import_request_vars

or do it yourself

foreach ($_POST[] as $key=>$val) {
		$_SESSION[$key]=$val;
	}

// which means
// create variables for every field in the form on page 2
  $_SESSION['usremail'] = $_POST['email'];
  $_SESSION['username'] = $_POST['username'];
  $_SESSION['password'] = $_POST['password'];
  $_SESSION['firstname'] = $_POST['firstname'];
  $_SESSION['lastname'] = $_POST['lastname'];
  $_SESSION['pagenum'] = $_POST['pagenum'];  // Used to tell sell.php what page it is on.
  $_SESSION['useridtag'] = '1Zx54';  

// variables for page 2 created

Finally, you can do tHE WRONG THING and turn Registyer Globals ON !! Security hole the size of the Grand Canyon is the result.

rehfeld

import_request_vars() is basically turning register globals on......it can be just as dangerous.

also, blindly putting all post vars into the session using a loop isnt a very good idea either.

morpheusoptic

thank you for your replies.

Last night, I gave this a try and it seemed to work, however please tell me if it causes any security problems. I know you don't want to turn globals on and make every variable default to being global and I do not chose to do so.
Here is what I did.

sell.php is my main page, it calls all the functions it needs from fns.php.

I defined every variable in sell.php, an example of some are below:

<?php
  include ('fns.php');

 // create variables for every field in the form on page 1
  global $est;
  global $ast;
  global $frn;
  global $strt;
  global $title;
  global $tag;

I than went in the function in fns.php and also defined the variables I needed as follows:

<?php
  include ('fns.php');

 // create variables for every field in the form on page 1
  global $est;
  global $ast;
  global $frn;
  global $strt;
  global $title;
  global $tag;

  $est = $_POST['est'];
  $ast = $_POST['ast'];
  $frn = $_POST['frn'];
  $strt = $_POST['strt'];
  $title = $_POST['title'];
  $tag = $_POST['tag'];

This seems to allow all the variables to then become global and be accessible outside of the function.

Then, in any function that needs access to these variables, such as a database inserter function, I just add the global $variablename and than it has access to them.

Is there any security concern here? I am not inserting any sesitive data into the variables so I am not to worried about them being viewed, if they could be. And I feel by using $variablename = $_POST['variablename'] is pretty safe compared to not using it.

Thanks for the advice on using session variables, that may be a good idea if the site gets large. Do cookies need to be enabled for sessions or not? I know some people block cookies so if they are required, that may stop some people from accessing the website properly.

Leave me some input,
Thanks again.

Paul

rehfeld

using the global statement is fine.

but you are NOT supposed to use it unless you are inside of a function. so dont do that outside of a function, because if you are outside of a function, then your already in the global scope. again, read those links i posted, and keep reading them again until you understand them. they will help you.

session do not require cookies, but it is the default and prefered way to store the session id. php has the option to pass the session id through the url in the event cookies are disabled. however, passing the sid through the url can be a security risk. theres ways to minimize/avoid the security issues but thats another topic in itself. php.net/session has tons of info if your read the entire page, and the links on it.