Computers, Software

PHP is a global variable in a function. Make global variable in PHP

To create a full-fledged site that has a wide functionality, you need to know a lot about it. But what can give it a real uniqueness is PHP. A global variable in this programming language is not used very often, but sometimes it is necessary to know how it works. By studying what it is and how it works, we will take up this article.

Area of visibility

This is the name of the context in which the variable is defined. In most cases, they have only one scope. When in PHP global variables are loaded from other files, then in it they can be include (include) and required (require).

By default, they are limited to the local scope of the function. And how do you want the variable to be seen by the files outside its borders, and could they also be used? For this, PHP also provides a global variable.

The keyword "global"

But how to declare a global PHP variable? In achieving this goal, the word "global" will help us. You need to place it before the variable that you want to make global (for example, global "Variable").

After implementing such an instruction, any file can work with the data. If somewhere there are references to this variable, then the program will always pay attention to the global version.

Why such a strange formulation? The fact is that simultaneously with this there may be local versions. But they will be available only in those files where they are declared. And for everyone else, global variables of the PHP class will work. Therefore, you need to be careful. And so that there is no doubt, here's an example of how they look: global a.

Because if one file has access to several variables, this will cause them to conflict. But here one can not say exactly - a local or global variable will be read, or an error will arise. So, if it is written inside a function, then there should not be any problems. But using a variable beyond its boundaries will be problematic. Therefore, it is necessary to closely monitor the structure of the compilation of the program code and make sure that nowhere is there even the prerequisites for the conflict to arise.

Another option for recording

Is it possible to create a global variable in PHP in another way? Yes, and not even one. First, let's look at $ GLOBALS. This is an associative array. The key in it is a name. The value is the contents of the global variable. It should be noted that this array after the declaration exists in any scope. This gives grounds to consider it superglobal. It looks like this: $ GLOBALS ['Variable'].

Predefined / superglobals

In each programming language, there are some names that are chartered for its individual functions. Therefore, you can not create global variables in PHP with the same name.

In this programming language there are special features. So, important is that the predefined variables here do not have a "super" setting, that is, they are not available in all places. How can I fix this? In order for a predefined variable to be available in some local area, it must be declared as follows: global "Variable". It seems to be the same as previously told, right? True, but not really. Let's look at the "combat" example:

Global $ HTTP_POST_VARS;
Echo $ HTTP_POST_VARS ['name'].

Do you feel the difference between them? Note that in PHP, a global variable does not need to be used within a function. It can be located in a file that is included in it.

Links and security

As you can see, in PHP, creating a global variable is not a problem. But are there any features about the links? Yes, there can be unexpected behavior when using global. But before this a little background.

In version 4.2.0, the register_globals directive changed by default from off to on. For most users, this is not very important, but in vain. After all, this directly affects the safety of the product being developed. If you need to make a global variable, the PHP directive on this parameter will not directly affect it. But incorrect use can already create precedents for security.

So, if register_globals is on, before executing the written code, various variables are initialized, which are necessary, for example, to send HTML forms. Therefore, it was decided to turn it off.

Why is the state of this directive in php a global variable due to many? The fact is that when the state is on, the developers are not always able to independently answer the question of where it came from. On the one hand, it made it easier to write code. But on the other - this created a security threat. Therefore, to avoid mistakes, as well as mixing the data and the directive was disabled.

And now let's look at non-secure code, and also how to detect cases when the declaration of the PHP global variable is accompanied by attempts to spoof data. This is necessary in order to create not only beautiful, but also stable working sites that do not crack the first person who comes across.

Dangerous code

Let's establish that the variable is true for those who have been authorized:

If (authenticate_user ()) {
$ Authorize = true;
}

If ($ authorize) {
Include "/highly/sensitive/data.php";
}

In this state, the variable can be set automatically. Given that the data can simply be replaced, and the source of their origin is not established, then any person can pass such a check and impersonate someone else. If desired, the attacker (or just a curious, but inexperienced person) may violate the logic of the script.

If you change the value of the directive, then this code can work correctly, as we need. But initialization of variables is not only a good tone in programming, but also gives us certain guarantees of stability of the script.

A robust version of the code

To achieve this goal, you can either turn off the operation of the directive, or register a more complex code. For example, here is this:

If (isset ($ _ SESSION ['username']))) {

Echo "Hello {$ _ SESSION ['username']} ";

} Else {

Echo "Hello Guest
";
Echo "Hello, user!";

}

In this case, it will be difficult to make a substitution. But still it is possible. To do this, care must be taken to ensure that prompt response tools are provided. If you want to include global variables in PHP, you can use the following tool: if we know the range in which the value will be obtained, we can register it so that the script checks this by using a mapping. Of course, this also does not guarantee a full protection against the substitution of values. But here the search of possible options will considerably complicate.

Finds an attempted substitution
Let's check how you understood what you wrote earlier. In PHP global variables in the function, which will be provided below, you will need to declare yourself. It can be said that this is in some way a homework assignment to learn the topic of the lesson. Here is the code:

If (isset ($ _ COOKIE ['C_COOKIE'])) {
} Elseif (isset ($ _ GET ['C_COOKIE']) || isset ($ _ POST ['C_COOKIE'])) {

Mail ("administrarot@example.com", "Warning, the script recorded an attempt to hack and spoof data", $ _SERVER ['REMOTE_ADDR']);
Echo "Security has been compromised or attempted to do so." Administrator notified ";
Exit;

} Else {
}
?>

And now an explanation to it. The variable C_COOKIE comes to us from a reliable source. In order to fully verify the expected result, we check its value and, in case of problems, notify the administrator about it. If nothing has come, then no action should be taken. It should be understood that simply disabling the register_globals directive does not make your code secure. Therefore, any variable that the script receives from the user must be checked for the expected value.

Conclusion
That, in general, and everything that is necessary to know about global variables, in order to successfully and safely use them in their activities. Of course, to say that there is a full-fledged guarantee that no one can use it - crackers are constantly improving their methods and skills. Therefore, it is desirable to limit the use of global variables in the code to the maximum. Fortunately, the structure and features of building this programming language can achieve this goal. Good luck!

Similar articles

How do I set the alarm on my computer?

Computers

How to change the name in "VKontakte" and bypass the moderators

Computers

SDK - what is it? Description and features

Computers

Find duplicate files through the program

Computers

Accounting of computers in a modern enterprise

Computers

How to deal with malicious programs (malware)

Computers

Trending Now

Whether it is possible to drink at pregnancy a camomile: advantage, harm, properties, the instruction and responses

Home and family

The concept of international law. The subject of international law. Principles, methods and functions of international law

Law

Cluster analysis. A scientific approach to the study of complex phenomena

News and Society

Austenite is what?

Education

Phalaenopsis. Care after flowering

Homeliness

Multimedia system for cars: main functions

Technologies

Newest

Genesis is a hope for health and happiness of procreation

Health

Harmfulness or senile dementia?

Health

How to register for pregnancy

Law

Winged phrases and quotes about laughter

News and Society

Virtual reality: glasses for PC. Review of the best models

Computers

The plot, characters and actors: "John Cue"

Arts & Entertainment