views:

50

answers:

4

What's the best way from a security perspective to pass a string to a function? I know I can use globals, session and in-function strings, like function test($string). What's the best approach? If anyone knows, please let me know.

I'm trying to write something like this for example:

$url = 'http://domain.com/';

function test() {
  echo $url;
}

But, if possible, without using globals or in-function strings, as described above.

Perhaps I could use define and defined?

A: 

I got it, guys, I used define. Here is an example:

define('URL', 'http://domain.com/');

function test() {
  echo URL;
}

But if anyone else knows other ways, please reply.

emcgfx
Just did something like this: define('XML', simple_xml_load('file.xml')); did not work lol. That would be nice to do.
emcgfx
@emc the normal way of passing a string to a function is using a parameter. What exactly are you trying to do?
Pekka
A: 

Oddly enough, I think if you are asking purely from a security perspective, I'd say that using global variables to pass data to functions is best.

"Woah! Are you mental?" I hear you ask?

It's like the idea of abolishing seatbelts, and instead fixing a sharp, 6 inch spike onto all steering wheels instead. That would change your driving behaviour, no? You'd become the world's safest driver overnight!

So, if you forced yourself to use globals as parameters, you'd make sure your function did as much security checking on that data as possible, as you couldn't be sure your caller had taken care of it.

Of course, like the steering wheel spike, this is an utterly ridiculous suggestion. In the real world, you use function parameters wherever possible: easier to test, easier to read, allows recursive calls, etc... A more OO approach might be to use a class which takes the raw data in its constructor, and puts validated data into its member variables for other class methods to use.

Let the downvotes commence :)

Paul Dixon
I thought that globals are more insecure :) Is using define good enough for security?
emcgfx
I was being tongue-in-cheek, the question is a little silly. It doesn't matter what technique you use, you still have to sanity check the data.
Paul Dixon
@Paul Dixon, I disagree :-) Yes, you always need to check data, which I do. But there are better approaches.
emcgfx
But you pose your question from a *security* perspective, and there's little to distinguish the various techniques on those grounds. Using constants, as you suggest, doesn't really provide a parameter passing mechanism as it is invariant (or should be!)
Paul Dixon
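The "more OO approach" Paul Dixon mentions (raw data goes into a constructor, only validated data reaches the members) is easy to show concretely. The following is an added example and not code from anyone in the thread; the class name BaseUrl, the restriction to http/https, and the test() helper are assumptions for illustration, and it needs PHP 7.4 or later for typed properties.

```php
<?php
// Added example: validate once in the constructor, then pass the object as an
// ordinary function parameter. Class and method names are illustrative.
final class BaseUrl
{
    private string $url;

    public function __construct(string $rawUrl)
    {
        // Reject anything that is not a syntactically valid absolute URL.
        $candidate = filter_var($rawUrl, FILTER_VALIDATE_URL);
        if ($candidate === false) {
            throw new InvalidArgumentException('Not a well-formed URL');
        }
        // Restrict the scheme: FILTER_VALIDATE_URL accepts ftp://, mailto: and
        // other schemes this application has no business dereferencing.
        $scheme = strtolower((string) parse_url($candidate, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            throw new InvalidArgumentException('Only http/https URLs are accepted');
        }
        // Normalise to exactly one trailing slash so path joins are predictable.
        $this->url = rtrim($candidate, '/') . '/';
    }

    public function withPath(string $path): string
    {
        // Encode every path segment, so a caller-supplied piece cannot smuggle
        // in a query string or "../" segments.
        $segments = array_map('rawurlencode', explode('/', trim($path, '/')));
        return $this->url . implode('/', $segments);
    }
}

// Plain parameter passing: test() relies on the type, not on a global.
function test(BaseUrl $base): void
{
    echo $base->withPath('index.php'), PHP_EOL;
}

test(new BaseUrl('http://domain.com/'));

// Constructed invalid inputs: both are refused before any function sees them.
foreach (['ftp://domain.com/', 'not a url'] as $bad) {
    try {
        new BaseUrl($bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', $bad, ': ', $e->getMessage(), PHP_EOL;
    }
}
```

The point, in line with the answer, is that the mechanism (global, constant, parameter) is not what makes this safe; the single validation point is. Any function that accepts a BaseUrl can rely on it having passed the constructor, which is exactly the guarantee a global or a constant cannot give.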
A: 

OK, here is another answer I just figured out, which is good enough for me.

define('XML', 'file.xml');

then in the function do something like this

function test() {
  $xml = simplexml_load_file(XML);
}

This way at least I don't need to change the "file.xml" name in every function if I need to :-)

emcgfx
Why do you have multiple functions all reading the same file? One function is quite enough, if you need the xml in multiple places, then call that function and use the result - no need to keep the name of the file in some constant at all.
Anti Veeranna
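Anti Veeranna's suggestion of one loader function instead of a file-name constant also gives you a single place to handle parse failures and to disable features the XML parser does not need. This is an added example, not code from the thread; the function names, the cache, and the sample file written to a temporary path are assumptions made for illustration.

```php
<?php
// Added example: one loader, called from wherever the XML is needed.
// loadConfigXml() is illustrative and not a PHP built-in.
function loadConfigXml(string $path): SimpleXMLElement
{
    static $cache = [];          // parse each file once per request
    if (isset($cache[$path])) {
        return $cache[$path];
    }

    // Collect libxml errors instead of letting them surface as warnings, and
    // forbid network access so the document cannot pull in remote resources.
    $previous = libxml_use_internal_errors(true);
    $xml = simplexml_load_file($path, 'SimpleXMLElement', LIBXML_NONET);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if ($xml === false) {
        $detail = $errors ? trim($errors[0]->message) : 'unknown error';
        throw new RuntimeException("Cannot load XML from {$path}: {$detail}");
    }
    return $cache[$path] = $xml;
}

// Callers ask the loader for the data; none of them knows the file name.
function siteTitle(string $configPath): string
{
    return (string) loadConfigXml($configPath)->title;
}

function siteUrl(string $configPath): string
{
    return (string) loadConfigXml($configPath)->url;
}

// Constructed sample input written to a temporary file for this demo only.
$configPath = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents(
    $configPath,
    "<?xml version=\"1.0\"?>\n<config><title>Demo site</title><url>http://domain.com/</url></config>\n"
);

echo siteTitle($configPath), ' at ', siteUrl($configPath), PHP_EOL;

// A malformed file is reported from the one place that parses XML.
file_put_contents($configPath, '<config><title>unterminated');
try {
    loadConfigXml($configPath . '.broken');   // different path, so the cache is bypassed
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
unlink($configPath);
```

Because the second call uses a path that does not exist, the failure shown is a missing-file error rather than a parse error; either way the caller receives an exception from one function instead of a warning and a false sprinkled through every function that happened to read the file.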
A: 

Try to use the $GLOBALS array

function test() {
  echo $GLOBALS['url'];
}

or

function test() {
  global $url;
  echo $url;
}

SeniorDev