I'm having trouble understanding include() and require() with variable scopes.

I have a page that is basically like this...

<?php
session_start();
require_once("config.php");
?>

//some basic html here

<?php echo"$any_config_variable";?>

//more basic html here

<?php
require_once("loginform.php");
?>

in the case of $any_config_variable, it works properly, if I place $any_config_variable in loginform.php, it does not work. I'm sure that both files are actually being included, it's just that when I try to access variables in the second included file that were defined in the first I get an UNDEFINED VARIABLE error.

I remember reading about security issues with $GLOBALS, and I guess I could set everything in config.php to be globally accessible, but I'm not sure that's the right thing to do.

I've read the manual on include() require() and variable scope, and I'm still a bit confused -- especially with the security issue of $GLOBALS / $SUPERGLOBALS.

What am I missing here? Can someone point me in the right direction?

    All variables should be in the global scope whether in the main script or an include. However, any variable within a function definition will be local to that function only, unless it is defined as "global" within that function (which is generally frowned upon for a number of reasons). Therefore, any code within a function will be oblivious to any variable defined outside of the function, except for super-global variables ($POST, $SERVER, etc.) or those defined as global within the function (or, of course, any variable passed by reference into the function arguments).

    If that does not clear things up, we may need to see the actual use of the variable in the include file.

      @ -- Thanks for your help, and sorry for the delay.

      I have been testing like crazy and it's the strangest thing -- if I create a few test files that do the same thing, it works, but it won't work in what I've already written, so it must me a problem within the code I've already written. I have tried it every way I can possibly think of, but I still can't get it to work.

      Here are the actual files.

      config.php

      <?php
      
      #DATABASE CONNECTION VALUES
      	#your database host name (likely "localhost") goes between the ""
      $config['db']['host']="localhost";
      	#your database name goes between the ""
      $config['db']['name']="EDITED";
      	#your database username goes between the ""
      $config['db']['user']="EDITED";
      	#your database password goes between the ""
      $config['db']['pass']="EDITED";
      
      #GENERAL WEBSITE SETTINGS
      
      #your business name goes between the ""
      $config['site']['name']="iSalli";
      	#your template name goes between the "".
      $config['site']['template']="Rounded";
      	#if you have a security certificate installed on your site, set this to "Y".  If you don't are you aren't sure, leave this as "N".
      $config['site']['secure']="N";
      	#your subdomain name INCLUDING THE TRAILING DOT goes between the "". (EXAMPLE: for the domain www.EDITED.com, you would put "www." here || store.EDITED.com, you would put "store." here)
      $config['site']['sub']="www.";
      	#the domain name where you installed goes between the "". (NO TRAILING SLASH!)
      $config['site']['domain']="EDITED.com";
      	#the path to your installation goes between the "". (BEGINNING SLASH REQUIRED!)
      	#if you installed directly on your domain's highest web accessible directory (not in a subfolder) leave this as "/".
      $config['site']['path']="/demo/";
      	#the meta keywords you want on every page goes between the "".  Keywords for specific pages, categories, or products will be added in another section.
      $config['site']['keywords']="these are the meta keywords";
      	#the meta description you want on every page goes between the "".  Descriptions for specific pages, categories, or products will be added in another section.
      $config['site']['description']="this is the meta description";
      
      #$config['site']['url']
      $config['site']['url']=$config['site']['sub'].$config['site']['domain'].$config['site']['path'];
      
      #$config['site']['absolute']
      if ($config['site']['secure']=="Y"){$protocol="https://";}else{$protocol="http://";}
      $config['site']['fullurl']="$protocol".$config['site']['sub'].$config['site']['domain'].$config['site']['path'];
      
      #determine http:# or https:# and redirect if necessary
      if($_SERVER['SERVER_PORT']!=443 && $config['site']['secure']=="Y"){header("location:".$config['site']['fullurl'].$_SERVER['REQUEST_URI']."");}
      
      #for legal use, please leave this alone! 
      $config['site']['version']="<a class=\"footer\" href=\"http://www.EDITED.com\">EDITED</a>";
      
      #define constants for database connection
      define(DB_HOST, $config['db']['host']);
      define(DB_NAME, $config['db']['name']);
      define(DB_USER, $config['db']['user']);
      define(DB_PASS, $config['db']['pass']);
      
      #define constants for configuration values
      define(SITE_NAME, $config['site']['name']);
      define(SITE_TEMPLATE, $config['site']['template']);
      define(SITE_SECURE, $config['site']['secure']);
      define(SITE_SUB, $config['site']['sub']);
      define(SITE_DOMAIN, $config['site']['domain']);
      define(SITE_PATH, $config['site']['path']);
      define(SITE_KEYWORDS, $config['site']['keywords']);
      define(SITE_DESCRIPTION, $config['site']['description']);
      define(SITE_URL, $config['site']['url']);
      define(SITE_FULLURL, $config['site']['fullurl']);
      define(SITE_VERSION, $config['site']['description']);
      
      $check="OK!";
      ?>
      

      login_form.php

      <?php
      //can we get config values?
      echo"<br>check:$check FROM login_form.php";
      echo SITE_URL;
      ?>
      

      /admin/index.php

      <?php
      session_start();
      
      #ERROR REPORTING (STRICT!)
      ini_set('display_errors',1);
      error_reporting(E_ALL|E_STRICT);
      
      require_once("../inc/config.php");
      require_once("../inc/db.php");
      
      //can we get config values?
      echo"<br>check:$check FROM /admin/index.php";
      echo SITE_URL;
      
      require_once("../inc/login_form.php");
      ?>
      

      When I go to /admin/index.php everything works except what is included from login_form.php.

      I get this:

      check😮K! FROM /admin/index.php <<this is working
      www.EDITED.com <<this is working

      check: FROM /login_form.php <<this is failing
      Notice: Use of undefined constant SITE_URL - assumed 'SITE_URL' <<this is failing

      Many thanks in advance for sharing your knowledge.

        Worked OK for me. The only thing I did differently was that I had to comment out the require_once() of the db.php file. From the sequence of events, I cannot see how that difference should matter.

        check😮K! FROM /admin/index.phpwww.EDITED.com/demo/
        check😮K! FROM login_form.phpwww.EDITED.com/demo/

        One thing I'd thought of that would've been an issue was if you were including via a URL instead of local file path, but from the code provided that does not appear to be an issue.

        However, one issue I see is that your define() statements are incorrect in the config file: the constant names should be quoted:

        define([color=red]"DB_HOST"[/color], $config['db']['host']);
        

        If unquoted, DB_HOST would be treated as an undefined constant and throws a notice-level warning. This probably will not have a functional impact other than generating the notice, but should be corrected just in case.

          😃 !AWESOMETACULAR! 😃

          The quotes around the constants fixed it.

          Many thanks for the help and quick replies!

            Write a Reply...