To create a full site that has wide functionality you need to know a lot. But what can make it truly unique is PHP. A global variable in this programming language is not used very often, but sometimes it is just necessary to know how it works. That's the study of what it is and how it works, we will do in this article.
Area of visibility
This is the context in which the variable is defined. In most cases, they have only one scope. When in PHP global variables are loaded from other files, then in it they can be include (include) and required (require).
By default, they are limited to the local scope of the function. But how to make the variable see files beyond its borders, and could they also use it? For this, a global variable is provided in PHP.
Keyword "global"
But how to declare a global PHP variable? To achieve this goal, the word "global" will help us. It is necessary to place it before the variable that needs to be made global (for example, global “Variable”).
After the implementation of this instruction, any file will be able to work with the data. If somewhere there are links to this variable, then the program will always pay attention to the global version.
Why such a weird wording? The fact is that at the same time local versions may exist. But they will be available exclusively in those files where they are declared. And for everyone else, the global variables of the PHP class will act. Therefore, you must be careful. And so that there is no doubt, here's an example of how they look: global a.
Since, if one file will have access to several variables, this will cause their conflict. But here it is impossible to say for sure whether a local or global variable will be read, or an error will occur at all. So, if it is written inside the function, then there should be no problems. But using a variable beyond its borders will be problematic. Therefore, it is necessary to carefully monitor the structure of compiling the program code and make sure that there are not even any prerequisites for this conflict to arise.
Another recording option
Is it possible to create a global variable in PHP in another way? Yes, and not even one. First, let's look at $ GLOBALS. This is an associative
array. The key in it is the name. The value is the contents of the global variable. It should be noted that this array after the declaration exists in any scope. This gives reason to consider it superglobal. It looks like this: $ GLOBALS ['Variable'].
Predefined / Superglobal Variables
Each programming language has some names that are chartered for its individual functions. Therefore, creating global variables of the same name in PHP will not work.
This programming language has its own characteristics. So, it is important that the predefined variables here do not have the “super” setting, that is, they are not available in all places. How to fix this? In order for a predefined variable to be available in some local area, it must be declared as follows: global "Variable". It seems to be the same as previously told, right? True, but not quite. Let's look at an already “combat” example:
- global $ HTTP_POST_VARS;
- echo $ HTTP_POST_VARS ['name'].
Feel the difference between the two? Keep in mind that in PHP a global variable does not have to be used as part of a function. It can generally be located in a file that is included in it.
Links and Security
As you can see, creating a global variable in PHP is not a problem. But are there any features regarding the links? Yes, there may be unexpected behavior when using global. But before that a little background.
In version 4.2.0, the register_globals directive changed by default from on to off. For most users, this is not very important, but in vain. After all, this directly affects the safety of the product being developed. If you need to make the variable global, the PHP directive will not directly affect this parameter. But misuse can already create security precedents.
So, if register_globals is on, then before executing the written code, various variables are initialized, which are necessary, for example, to send HTML forms. Therefore, it was decided to disable it.
Why does the global variable owe much to the state of this directive in php? The fact is that with the state turned on, developers were not always able to answer for themselves the question of where it came from with confidence. On the one hand, this made it easier to write code. But on the other - it posed a security risk. Therefore, in order to avoid errors, as well as data mixing, the directive was disabled.
Now let's look at the non / safe code, as well as how to detect cases where the declaration of a global PHP variable is accompanied by data substitution attempts. This is necessary in order to create not only beautiful, but also stably working sites that the first person who does not hack.
Dangerous code
Let's establish that the variable is true for those who are authorized:
if (authenticate_user ()) {
$ authorize = true;
}
if ($ authorize) {
include "/highly/sensitive/data.php";
}
In this state, the variable can be set automatically. Considering that the data can be simply replaced, and the source of their origin is not established, then any person can pass such a check and impersonate someone else. If desired, the logic of the script may be violated by an attacker (or just a curious but inexperienced person).
If you change the value of the directive, then this code can work correctly, as we require. But initializing variables is not only a good form in programming, but also gives us certain guarantees of the stability of the script.
Reliable version of the code
To achieve this goal, you can either turn off the directive, or register more complex code. For example, like this:
if (isset ($ _ SESSION ['username'])) {
echo "Hello <b> {$ _SESSION ['username']} </b>";
} else {
echo "Hello <b> Guest </b> <br />";
echo "Greetings, user!";
}
To make a substitution in this case will already be difficult. But still - it is possible. For this, care must be taken to ensure that rapid response tools are provided. If you need to include global variables in PHP, then you can use the following tool: if we know in what range the value will be, we can register the script to check this using matching. Of course, this also does not guarantee full protection against substitution of values. But the enumeration of possible options will greatly complicate.
Finds a substitution attempt
Let's check how you understood what was written earlier. In PHP, global variables in a function, which will be provided below, you will need to declare yourself. We can say that this is, in some way, homework on mastering the topic of the lesson. Here is the code:
<? php
if (isset ($ _ COOKIE ['C_COOKIE'])) {
} elseif (isset ($ _ GET ['C_COOKIE']) || isset ($ _ POST ['C_COOKIE'])) {
mail ("administrarot@example.com", "Attention, the script recorded an attempt to hack and replace data", $ _SERVER ['REMOTE_ADDR']);
echo "Security has been compromised or attempted to do so. Admin notified";
exit
} else {
}
?>
And now explanations for him. The C_COOKIE variable comes to us from a reliable source. In order to fully verify that the result is expected, we check its value and, in case of problems, notify the administrator. If nothing came, then no action should be taken. You need to understand that simply disabling the register_globals directive does not make your code safe. Therefore, any variable that the script receives from the user must be checked for the expected value.
Conclusion
That, in general, is all you need to know about global variables in order to successfully and safely use them in your activities. Of course, to say that there is a full guarantee that no one can take advantage of them - crackers are constantly improving their methods and skills. Therefore, it is desirable to limit the use of global variables in the code to the maximum. Fortunately, the structure and construction features of this programming language allow us to achieve this goal. Good luck!