Eric Butera schreef:
On Jan 10, 2008 4:00 PM, Stut <stuttle@xxxxxxxxx> wrote:
Eric Butera wrote:
Haha. Thank you for all that insightful research. Seriously though,
using globals you might already be in hell! =\
IMHO global variables are evil in the same way that register_globals
were. Despite everything you've probably heard it is actually possible
to create a secure site with register_globals enabled, but it needs to
be done with due care and attention. The same goes for globals. They are
not inherently evil but they are easily abused so you need to be careful
when you use them.
-Stut
--
http://stut.net/
Stut,
That is all well and fine and I agree with you on some level. The
only problem is that this is the php-general list and as such I try
and put red flags on things to help others realize sooner than I did
the pro/con list of things.
if you can follow Stut's advice regarding globals then it's a good thing,
if you're very good at what you do you'll know when it's *acceptable* to
take a little short cut and use a global (most people have one or two those
little projects that have to be up and running in no time where a global
or two helps shave some undesired time and complexity from the project)
Register globals makes working with request data extremely easy.
really? if you see $_POST['foo'] you know where it came from,
if you see $foo you can't be sure it's a request var ... in the most
extreme case it could be a var declared in an auto_prepend_file.
of course if you know absolutely nothing about php it make's it easier - but
in the long run (same the 5 or 10 minutes it takes to read up on request superglobals)
it's an accident waiting to happen.
At
the same time it also makes it where GPC collisions and whatnot can
really burn you in the end. For the overwhelming majority of users it
causes more problems than it solves which is why it is going away.....
someday.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php