global command security

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
m@ndio
Forum Regular
Posts: 163
Joined: Fri Jun 06, 2003 12:09 pm
Location: UK

global command security

Post by m@ndio »

by declaring a variable as global within your scripts are there any security implications? or are there any disadvantages?
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

By declaring as global do you mean within a function?

Mac
User avatar
m@ndio
Forum Regular
Posts: 163
Joined: Fri Jun 06, 2003 12:09 pm
Location: UK

Post by m@ndio »

yea like:

Code: Select all

fuction bob(){

global $whatever;

//code here

}

$whatever += 10;
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Global variables are normally a maintence nightmare and can cause hard to diagnose bugs to appear. However, I don't think I would say there are any security concerns directly tied to them.

(This is assuming that register_globals is off and you havn't used a "trick" to simulate it being on.)
User avatar
m@ndio
Forum Regular
Posts: 163
Joined: Fri Jun 06, 2003 12:09 pm
Location: UK

Post by m@ndio »

cheers nielsene
qartis
Forum Contributor
Posts: 271
Joined: Sat Dec 14, 2002 4:43 pm
Location: BC, Canada
Contact:

Post by qartis »

But the more variables are made global, the more memory is required. If you're doing a big project, or something that will be accessed very often, there are some obvious downsides to global variables.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Actually global variables use less memory as arguements are not passed, new reference aren't made, etc.

Yes globals are BAD, but not for the some of the reasons listed.
qartis
Forum Contributor
Posts: 271
Joined: Sat Dec 14, 2002 4:43 pm
Location: BC, Canada
Contact:

Post by qartis »

Whoa, really? I always avoided them, because I heard that the larger a variable's scope is, the more memory it takes up. Huh, you learn something new every day :)
User avatar
m@ndio
Forum Regular
Posts: 163
Joined: Fri Jun 06, 2003 12:09 pm
Location: UK

Post by m@ndio »

why are globals bad nielsene?
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Globals are normally a sign of poor design/decomposition. Globals defeat encapsulatios and abstraction. They typically cause increase maintainence problems.

There are occasions when they are appropriate; however, they are used far too often because of laziness.
User avatar
cactus
Forum Regular
Posts: 343
Joined: Tue Jun 10, 2003 4:16 am
Location: UK

Post by cactus »

nielsene wrote:There are occasions when they are appropriate; however, they are used far too often because of laziness.
I think that about sums it up :)

Regards,
User avatar
m@ndio
Forum Regular
Posts: 163
Joined: Fri Jun 06, 2003 12:09 pm
Location: UK

Post by m@ndio »

hehe :lol:
Post Reply