Global Custom Variable

6

In this question here , I explained that I was afraid to save my settings in the $GLOBALS variable because it transforms my settings into global values, so the guy answered me that he had no problem, and then asked me for the comments if they were global like . As the staff told me not to edit the question when it already has answers I created this to explain how I record the values and how I get them, and then maybe someone here can answer me if I should avoid using it or not. I also do not know if the question is the same as the one I did yesterday, but I hope not.

At this point I'm defining my variable like this:

$GLOBALS['configuracao'] = array(
    'banco'=>array(
        'nome'=>'proj3439',
        'tabela'=>'usuarios'
    ),
    'sessao'=>array(
        'tempo'=>24,
        'nomeSessao'=>'testeS'
    )
);

Then if you try to print the value of it on the screen, it shows me the name and values of all global variables type SERVER_ADDR , POST and others.

Now, your I put the name of my configuration with the variable symbol and try to print the value of it on the screen, it returns me the values I defined before.

$GLOBALS['_CONFIG'] = array(
    'banco'=>array(
        'nome'=>'proj3439',
        'tabela'=>'usuarios'
    ),
    'sessao'=>array(
        'tempo'=>24,
        'nomeSessao'=>'testeS'
    )
);

If I try to read the value of this configuration there in the same way I do with POST , it will show me the values I put in the variable:

print_r($_CONFIG);

Then I realized that if I create a variable and put a value in it, it goes right through the variable $GLOBALS .

$configuracao = "proj3439";

These settings I put up there only appear when I start the script that defines them, I always call this script so I have my settings always loaded. When they are started I can use them anywhere in my script , even within classes and functions, it looks like a normal variable, but I just set it straight on $GLOBALS . >

Is there any problem setting my settings the moment I script or even in that variable?

People are able to forge data arriving by $_GET which is also a global, and I have created a similar global. Will I have security issues?

    
asked by anonymous 08.12.2015 / 17:24

1 answer

6

The problem of using global variables implicitly is not great, but you lose the perspective you are dealing with globally.

Have you seen in the other questions that global is not something to be abused, to use where you really need global status. It's easy to confuse things when dealing with global ones. But there are cases to use.

So, although you can access the variable directly, avoid doing this, create a global convention of always accessing explicitly, saying that they are global.

There are two ways to do this. By the array associative $GLOBALS or the keyword global . Doing any one of them will be solving a possible scope problem.

$ GLOBALS X global

There was no difference, but it looks like in version 5.4 started getting better using the keyword global than the $GLOBALS variable. Semantically it gives the same, but there is a small gain using the keyword. Nothing that will significantly change performance, but it is a gain.

When you call the $GLOBALS variable for the first time, PHP has to get the name of all global and popular $GLOBALS with them by creating the array members, only exists as a variable when it is used.

Security

The $GLOBALS will be used, no matter what syntax you use. And it's safe on the server. In fact the $_GET and $_POST are also. The insecurity you hear is the data that will be sent to these variables (which are global as well). You have no control over the data coming in from outside the server, but when they are in there, they are safe.

In the case of what is in $GLOBALS you have full control over the content that is there. Do not worry. What's in $_GET you do not know what came from outside, so they say you have to validate the content. The problem is not the variable being global but where the content of it comes from. They are different things.

Before using any language features do not forget to read the documentation and do as you are doing, ask before using whenever you have questions.

    
08.12.2015 / 18:10