{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Explosion°爆炸 的问题《Why is it considered bad practice to use “global”》','https://www.manongdao.com/q-61354.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Possible Duplicate:
Are global variables in PHP considered bad practice? If so, why?
global in functions
Edit: question answered in link above.
No, "global" in php is not the same thing as global in other languages, and while it does not introduce any security problems it can make the code less comprehensible to others.
OP:
Project summary - I am writing a web CMS to get my feet wet with PHP / MySQL. In order to break up the code I have a concept of these basic tiers / modules:
Data
- MySQL Tables
- PHP Variables
Function
- SQL - Get / Set / etc
- Frontend - Showing pages
- Backend - Manager
Presentation
- HTML Templates
- Page Content
- CSS Stylesheets
The goal is common enough. Use MySQL to hold site settings and page content, use php to get / manipulate content data for a page being served, then insert into an html template and echo to browser. Coming from OO languages like C# the first problem I ran into was variable scope issues when using includes and functions.
From the beginning I had been writing function-only php files and including them where needed in other files that had existing variable array definitions. For example, ignoring the data tier for a moment, a simple page might generically look like this:
File 1 (page)
$DATA_PAGE = Array
(
'temp' = null,
'title' = null,
[...]
);
include 'functions.php';
get_data ( 'page.php' );
[...]
run_html ();
File 2 (functions)
function get_data ( $page_name )
{
global $DATA_PAGE;
$DATA_PAGE [ 'temp' ] = 'template';
$DATA_PAGE [ 'title' ] = 'test page';
[...]
}
function run_html ()
{
global $DATA_PAGE;
echo '<html>';
echo '<head>';
echo '<title>' . $DATA_PAGE [ 'title' ] . '</title>';
[...]
}
I chose this method for a few reasons:
- The data in these arrays after sql fetch might be used anywhere, including page content
- I didnt want to have a dozen function arguments, or pass entire arrays
The code runs great. But in every article I find on the subject, the "global" calls in my functions are called bad practice, even though the articles never state why? I thought all that meant was "use parent scope". Am in introducing a security hole into my app? Is there a better method? Thanks in advance.
It is bad practice to use variables from a different scope to your own, because it makes your code less portable. In other words, if I want to use the
get_data()function somewhere else, in another project, I have to define the$DATA_PAGEvariable before I can use it.AFAIK this is the only reason this should be avoided - but it's a pretty good reason.
I would pass by reference instead.
For many reasons, for example:
Hard to support code with global variables. You don't know where global variables can affect your logic and don't control access to them
Security - if you have complex system (especially with plugins), someone can compromise all system with global variables.
Because global variables can be modified by the process without other parts of your code knowing it producing unexpected results.
You should always try to keep variables scoped as locally as possible -- not only will this help you with debugging, but it will keep your code easier and cleaner to read and go back and modify.
If you are looking to share data across multiple functions, you might look into making a class for your data and then defining methods to operate on the data encapsulated in your object. (Object-Oriented programming)
Settings in a global variable are fine, but putting data that can be modified into a global variable can, as tkone said, have unexpected results.
That said, I don't agree with the notion that global variables should be avoided at all costs - just try wrapping them into, say, a singleton settings class.
I think a top reason for avoiding this is that it hides dependencies.
Your functions
get_dataandrun_htmldo not advertise in any way that they share data, and yet they do, in a big way. And there is no way (short of reading the code) to know thatrun_htmlwill be useless ifget_datahas not been called.As the complexity of your codebase grows, this kind of lurking dependency will make your code fragile and hard to reason about.