Global Variables and Sessions

[TheBigB]

Hi people,

I'm rushing my way through PHP and learning a lot every day, but there are questions which remain unanswered. I could look up fancy definitions, but most of the times I don't get wiser from them, so I though I might ask you guys.

No1.
Can I overuse global variables?
In the way I have a settings file with nearly all variables declared as a global?

No2.
How do sessions really work? Does the browser actually get hold of any of the session variables, or is it server bound? In a simpler question; are session variables really safe?

If you guys would want to answer these questions, I would greatly appreciate it.

[penagate]

Question 1: Using too many global variables is generally considered a bad practice.
You have to understand the scope of variables in a script. Say the user requests index.php which includes settings.php and funkystuff.php. Any variables declared in index.php will be accessible in the included files, and any variables declared in those files will be accessible in index.php after the included files are run. They will be erased when index.php finishes; there is no way to make script's life persist beyond a request.
That said, you could declare some constants in settings.php [using define('CONSTANT_NAME', value)] and use them throughout your other scripts.

Question 2: A session is a set of values (session variables) identified by a session ID. The session variables are stored on the server, while the session ID is transmitted with each request somehow; the default method is to use a cookie, while another oft-used method is to use a GET parameter. The cookie option is generally more reliable and secure as it avoids the chance of session hijacking (one user sending a URL containing a session ID to someone else who then inadvertently 'hijacks' their session). You may also wish to check the user's IP address as well as their session ID to further avoid this.

The session variables are never automatically transmitted to the user.

[TheBigB]

Thanks for answering, but one question though;
Are you saying making many globals slows down the process/makes it less efficient, or are you saying that it's unrecommended due to naming intersections?

[penagate]

The second of those. It is preferable to use classes and class constants/static fields.

[visualAd]

The use of global variables depends on the programming / design methodology you are using. With a modular design, global variables are desirable when data is required in multiple functions - however; as mentioned by pena - this data could be overwritten by another function, included file or piece of code. So the use of global variables should limited only to such occasions where the validity or integrity of the data are unimportant (quite rare ).

Constants are better solution and unlike other programming languages, can be defined at runtime using the define construct. In other modular programming languages you can use static variables within a function in order to mimic a global variable.

If you are using object orientated design; global variables should never be used. Instead class level (static) variables should be used. Even constants should stay in class.

PHP Code:

class Fart
{
    Const NOXIOUS_CONTENT = "1.5.6.4";
    private static totalPollution = 0;
}