Re: Easier way to clean GET Variables ?


 



Burhan Khalid wrote:
Jasper Bryant-Greene wrote:

Prepending the variable name with an underscore happens to be what PHP does ($_SERVER, $_GET, $_POST, $_COOKIES, so on...) so it is simpler just to carry on that convention.


This is exactly the reason why you shouldn't do it. You don't know when PHP might come out with a new 'superglobal' that conflicts with your $_Myfunc.

In addition, when PHP prepends $_ to a variable name, it means something. Specifically, it means that the variable is a 'superglobal'. The only exception to this that I know of is $GLOBALS.

For the reasons above, I avoid creating user variables with $_ -- although there is no rule regarding variable names (other than the syntax rules).

Sometimes, just because you can do something, doesn't mean you should.

I understand what you're saying, and I had thought of that previously. However, the only reason I can think of that PHP would create a $_SAFE_POST superglobal is if it were to be doing exactly what I am already doing with it, in which case it wouldn't matter.

What's more, if they did implement a $_SAFE_POST superglobal for whatever reason, my scripts would continue to work anyway, because they don't rely on the special functionality that could be introduced for that variable. Example:

$_SAFE_POST = array_map('sanitise_func', $_POST);

would simply overwrite any existing $_SAFE_POST superglobal anyway.

Most of the time if I'm creating my own global variables I actually use two underscores anyway, like $__db or $__user. I just use one underscore when I sanitise user input because it looks cleaner.

Jasper

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
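An added example, not part of the original message: the `array_map` pattern from the thread, extended to cope with array-valued form fields, plus a check of how a user-defined `$_SAFE_POST` behaves inside a function compared with a real superglobal. The body of `sanitise_func` is an assumption (the thread never shows it), and the `$_POST` contents are constructed sample input.

```php
<?php
// Hypothetical sanitiser: the thread names sanitise_func but never shows it.
// This version trims whitespace and strips ASCII control characters.
function sanitise_func($value)
{
    if (is_array($value)) {
        // Fields named like "tags[]" arrive as nested arrays, so recurse
        // instead of handing an array to string functions.
        return array_map('sanitise_func', $value);
    }
    return trim(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $value));
}

// Constructed sample input standing in for a real request body.
$_POST = [
    'name' => "  alice\0 ",
    'tags' => ["php\n", " security "],
];

// The line from the thread. This creates an ordinary global variable;
// the leading underscore gives it no special scope.
$_SAFE_POST = array_map('sanitise_func', $_POST);

function raw_post_visible()
{
    // $_POST is a real superglobal, so it is in scope here.
    return isset($_POST['name']);
}

function safe_post_visible()
{
    // $_SAFE_POST is not a superglobal, so without "global" this is an
    // unset local variable and the sanitised copy cannot be reached.
    return isset($_SAFE_POST['name']);
}

function safe_post_name()
{
    // Importing the variable explicitly makes the sanitised copy usable.
    global $_SAFE_POST;
    return $_SAFE_POST['name'];
}

var_dump($_SAFE_POST['tags']);
var_dump(raw_post_visible(), safe_post_visible(), safe_post_name());
```

The scope difference matters for review: code inside a function that cannot see `$_SAFE_POST` still has the unsanitised `$_POST` available.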

