Posted by Chung Leong on 11/07/42 11:31

R. Rajesh Jeba Anbiah wrote:
> Chung Leong wrote:
> > Avoid using global variables in general. It's a bad programming
> > practice. For configuration info, use either constants or a function.
>
> It is true that constants cannot be tampered. But, I don't get
> the idea, how it is a right choice for global scope thing. I also tried
> the function, but in my tests, it severely affects the memory.

A lot of vulnerabilities in PHP programs are caused by people using
global variables to store configuration info. If parameter is constant
value, then it should be a constant.

I don't quite understand what you mean by the use of functions
affecting memory. The idea is to use a function to return a parameter
as opposed to storing it in a global variable. What that does is
changing the assumption made by your code. When you use a global
variable to store a configurable parameter, your code assume that the
it was assigned to the proper value at an earlier point in time. When
you call a function, it is assuming the function exists. This latter
assumption is enforced by PHP (or else the script dies) hence it's
safer. In contrast, it's far harder to prove that the former assumption
would hold under all circumstances.

• Next in forum: Re: I want to create something like AMAZON: those who liked page A also liked page B
• Prev in forum: Re: Dynamic Voting Script
• Thread view: Re: PHP Security

[Reply to this message]