替换全局变量，方法和原因 [英] Replacing the global variables, how and why

问题描述

好吧，我一直在使用我的全局变量，并且在调用$ USER来获取用户ID方面没有任何问题。

大多数时间从SO上的人和一些在这里和那里阅读的人，对于使用全局变量都是如此否定。

因此，现在我准备改变方式并且不使用全局变量。

现在我包含一个函数protect（），它检查您的会话并创建全局变量，如$ USER，$ USERTYPE。 b
$ b

然后我可以在文件中尽可能多地使用这些变量。

什么可以替代这个？我曾想过让$ USER = grabUserid（）;这将返回用户ID，同样的用户类型，那已经是2个函数，我需要使每个变量的数据库查询功能呢？

关于我的$ connect，这是数据库的PDO对象，处理我所有的查询，我需要做$ connect = connectdb（）;也就是

那么http请求用js到另一个php文件，我需要通过它，但之间它可能是不安全的（如果你想到安全性）因为你可以在那里操作用户标识。

或者也许是这样做的第三个解决方案？或者我应该坚持全局？一劳永逸请提一下为什么全局变量如此糟糕？它是安全的吗？或者看起来脏的代码？ 解决方案

所以这个问题真的有两个问题：为什么我会停止使用全局变量，我应该使用另一个构造实现类似的功能。

首先，为什么您可能要停止使用全局变量：

让我说，不使用全局变量不是一条规则，而是一条准则。虽然这个问题的双方都有狂热分子，但是有一些很好的理由支持和反对它（虽然我听到的反对比反对）。您可能想要避免全局变量的一些原因：

1. 访问控制
   
   这可能是最大的不使用全局变量的最坚实的理由。通过全局变量构造，任何代码都可以以任何想要的方式使用存储在变量中的数据，而不考虑范围或原因。访问规则可以被破坏，数据可以通过鲁莽的写入而失效。未验证的访问意味着不可信的数据。




2. 并发性
   如果你有一个全局变量，根据定义它没有明确的访问规则，成为一个真正的问题。如果两个同时运行的实例或函数正在访问相同的数据，则无法保证读取或写入的顺序 - 进一步污染您的数据。
   

3. 耦合/结构/代码清晰
   
   简而言之，当您在OOPHP中使用全局变量时，您可能正在编码您以更直接的方式传递数据的方式。使用全局数据写入意味着使用该数据的过程之间的紧密耦合，并且难以理解数据流。在大多数情况下，重构几乎是必需的。第二，如何避免全球变数：

   
   

1. 静态变量/对象
   
   避免全局变量的最佳方法之一是将您的全局数据包装到静态对象中。这允许您在创建getter和setter的最低代码安全级别范围内围绕数据进行创建，这些数据可以绑定检查，访问限制或至少在必要时锁定全局变量。这可能是一些额外的编码，但您获得的数据安全级别是值得的。

重新设计
考虑原因你正在使用你的全球数据。你只是想解决在功能之间传递数据吗？您是否试图创建持久数据，这可以像使用$ Session一样轻松（并且更有效地）处理？通常全局变量是快速和简单配置或会话工作的缺点。使用配置文件或会话可以增加一些功能，扩展性和安全性，这些额外的工作通常是值得的。

有些情况下全局变量可能有用。在非常的小程序中，数据安全性完全不相关，或者在整个代码中真正使用了数据，但没有明确的方式来传递它或避免范围问题，可以使用全局变量，但通常它们是不好的做法。

考虑一个好方法是如果我的全局数据变成垃圾，我的脚本会发生什么。 如果答案只是不多，真的，那么你应该找到一种方法来保护这些数据或重新考虑你使用它的方式。

Ok so I have worked and used my global variables until now, and it has been no problem in just calling $USER to get the user id.

Most times from people on SO and some reading here and there, it all has been so negative towards using the global var.

So now i am ready to change the way and not using global variables.

Right now i include a function, protect() which checks your session and makes the global variables such as $USER, $USERTYPE .

And then i can just use these variables as much as i want in the file.

What can replace this? I have thought of making $USER = grabUserid(); that will return the user id, and same for the user type, thats already 2 functions and i would need to make function with database queries for every variable then?

And what about my $connect, which is a PDO object for the database, handling all my queries, i would need to do $connect = connectdb(); too

And what about http requests with js to another php file, i would need to pass it, but then between there it can be unsafe (if you think of security) as you can just manipulate the user id between there..

Or maybe theres a third solution of doing this? Or should i just stick to the globals? And once and for all please mention why globals vars are so bad? is it security? or the look of dirty coding?

解决方案

So this question is really two questions: why would I stop using global vars, and how should I implement similar functionality with another construct.

First, why you might want to stop using global vars:
Let me say that not using global variables is not a rule so much as a guideline. While there are zealots on both sides of the issue, there are some good reasons for and against it (though I've heard more against than for). Some reasons you might want to avoid global variables:

1. Access control
   This is probably the biggest and most solid reason for not using globals. With the global variable construct, any code can use the data stored in the variable any way it wants regardless of scope or reason. Access rules can be broken and the data can be invalidated by a reckless write. Unverified access means untrustworthy data.

2. Concurrency
   If you have a global variable, which by definition have no explicit access rules, concurrency can be a real issue. If two concurrently running instances or functions are accessing that same data, there is no way to guarantee the order in which reads or writes happen - further polluting your data.

3. Coupling/Structure/Code Clarity
   Simply put, when you're using global vars in OOPHP, it's likely you're coding your way around passing your data in a more direct way. Writing with globals implies tight coupling between the procedures using that data, as well as makes it difficult to understand the data flow. Refactoring is almost a necessity in most cases.

Second, how you can avoid global vars:

1. Static Vars/Objects
   One of the best ways to avoid globals is to wrap your "global" data in a static object. This allows you the minimum level of code safety of creating getters and setters around the data that can either bound check, access restrict, or at the least data lock your global variables as necessary. It may be a bit extra coding, but the level of data security you gain is worth it.

2. Refactor
   Think about the reason you're using your global data. Are you just trying to get around passing that data between functions? Are you trying to create persistent data that could be just as easily (and more effectively) be handled by $Session ? Often globals are stopgaps for quick and easy configurations or session work. Using config files or sessions add a level of functionality, extensibility, and security that is often worth the extra work.

There are a few cases where globals can be useful. In very small programs, where data security is entirely irrelevant, or where your data is TRULY used throughout the code with no good clear way of passing it or avoiding scope issues, it may be alright to use global vars, but in general they're bad practice.

A good way to think about it is "what would happen to my script if my global data turned out to be garbage." If the answer is anything but "not much, really," then you should probably find a way to protect that data or to rethink the way you're using it.

这篇关于替换全局变量，方法和原因的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！