Safe alternatives to PHP Globals (Good Coding Practices)
The alternative is called dependency injection. In a nutshell it means that you pass the data a function/class/object requires as parameters.
function showPage(Database $db, array &$output) {
...
}
$output['header']['log_out'] = "Log Out";
$db = new Database;
showPage($db, $output);
This is better for a number of reasons:
- localizing/encapsulating/namespacing functionality (the function body has no implicit dependencies to the outside world anymore and vice versa, you can now rewrite either part without needing to rewrite the other as long as the function call doesn't change)
- allows unit testing, since you can test functions in isolation without needing to setup a specific outside world
- it's clear what a function is going to do to your code just by looking at the signature
Are global variables in PHP considered bad practice? If so, why?
When people talk about global variables in other languages it means something different to what it does in PHP. That's because variables aren't really global in PHP. The scope of a typical PHP program is one HTTP request. Session variables actually have a wider scope than PHP "global" variables because they typically encompass many HTTP requests.
Often (always?) you can call member functions in methods like preg_replace_callback() like this:
preg_replace_callback('!pattern!', array($obj, 'method'), $str);
See callbacks for more.
The point is that objects have been bolted onto PHP and in some ways lead to some awkwardness.
Don't concern yourself overly with applying standards or constructs from different languages to PHP. Another common pitfall is trying to turn PHP into a pure OOP language by sticking object models on top of everything.
Like anything else, use "global" variables, procedural code, a particular framework and OOP because it makes sense, solves a problem, reduces the amount of code you need to write or makes it more maintainable and easier to understand, not because you think you should.
Stop using `global` in PHP
The point against global variables is that they couple code very tightly. Your entire codebase is dependent on a) the variable name $config and b) the existence of that variable. If you want to rename the variable (for whatever reason), you have to do so everywhere throughout your codebase. You can also not use any piece of code that depends on the variable independently of it anymore.
Example with global variable:
require 'SomeClass.php';
$class = new SomeClass;
$class->doSomething();
Anywhere in the above lines you may get an error because the class or some code in SomeClass.php implicitly depends on a global variable $config. There's no indication of this whatsoever though just looking at the class. To solve this, you have to do this:
$config = array(...);
require 'SomeClass.php';
$class = new SomeClass;
$class->doSomething();
This code may still fail somewhere if you do not set the correct keys inside $config. Since it's not obvious what parts of the config array SomeClass needs or doesn't need and when it needs them, it's hard to recreate the correct environment for it to run correctly. It also creates conflicts if you happened to already have a variable $config used for something else wherever you want to use SomeClass.
So instead of creating implicit, invisible dependencies, inject all dependencies:
require 'SomeClass.php';
$arbitraryConfigVariableName = array(...);
$class = new SomeClass($arbitraryConfigVariableName);
$class->doSomething();
By passing the config array explicitly as a parameter, all the above problems are solved. It's as simple as handing the required information around inside your app. It also makes the structure and flow of the application and what talks to what much clearer. To get to this state if your application is currently a big ball of mud may take some restructuring.
The bigger your codebase gets, the more you have to decouple the individual parts from each other. If every part is dependent on every other part in your codebase, you simply cannot test, use or reuse any part of it individually. That simply devolves into chaos. To separate parts from each other, code them as classes or functions which take all their required data as parameters. That creates clean seams (interfaces) between different parts of your code.
Trying to tie your question together into one example:
require_once 'Database.php';
require_once 'ConfigManager.php';
require_once 'Log.php';
require_once 'Foo.php';
// establishes a database connection
$db = new Database('localhost', 'user', 'pass');
// loads the configuration from the database,
// the dependency on the database is explicit without `global`
$configManager = new ConfigManager;
$config = $configManager->loadConfigurationFromDatabase($db);
// creates a new logger which logs to the database,
// note that it reuses the same $db as earlier
$log = new Log($db);
// creates a new Foo instance with explicit configuration passed,
// which was loaded from the database (or anywhere else) earlier
$foo = new Foo($config);
// executes the conversion function, which has access to the configuration
// passed at instantiation time, and also the logger which we created earlier
$foo->conversion('foo', array('bar', 'baz'), $log);
I'll leave to implementation of the individual classes up as an exercise for the reader. When you try to implement them, you'll notice that they're very easy and clear to implement and do not require a single global. Every function and class gets all its necessary data passed in the form of function arguments. It should also be obvious that the above components can be plugged together in any other combination or that dependencies can easily be substituted for others. For example, the configuration does not need to come from the database at all, or the logger can log to a file instead of the database without Foo::conversion having to know about any of this.
Example implementation for ConfigManager:
class ConfigManager {
public function loadConfigurationFromDatabase(Database $db) {
$result = $db->query('SELECT ...');
$config = array();
while ($row = $result->fetchRow()) {
$config[$row['name']] = $row['value'];
}
return $config;
}
}
It's a very simple piece of code that doesn't even do much. You may ask why you'd want this as object oriented code. The point is that this makes using this code extremely flexible, since it isolates it perfectly from everything else. You give one database connection in, you get one array with a certain syntax back. Input → Output. Clear seams, clear interfaces, minimal, well defined responsibilities. You can do the same with a simple function.
The extra advantage an object has is that it even further decouples the code that calls loadConfigurationFromDatabase from any particular implementation of that function. If you'd just use a global function loadConfigurationFromDatabase(), you basically have the same problem again: that function needs to be defined when you try to call it and there are naming conflicts if you want to replace it with something else. By using an object, the critical part of the code moves here:
$config = $configManager->loadConfigurationFromDatabase($db);
You can substitute $configManager here for any other object that also has a method loadConfigurationFromDatabase. That's "duck typing". You don't care what exactly $configManager is, as long as it has a method loadConfigurationFromDatabase. If it walks like a duck and quacks like a duck, it is a duck. Or rather, if it has a loadConfigurationFromDatabase method and gives back a valid config array, it's some sort of ConfigManager. You have decoupled your code from one particular variable $config, from one particular loadConfigurationFromDatabase function and even from one particular ConfigManager. All parts can be changed and swapped out and replaced and loaded dynamically from anywhere, because the code does not depend on any one particular other piece.
The loadConfigurationFromDatabase method itself also does not depend on any one particular database connection, as long as it can call query on it and fetch results. The $db object being passed into it could be entirely fake and read its data from an XML file or anywhere else instead, as long as its interface still behaves the same.
Proper use of Variable Scope in PHP
If these functions are the only ones using these variables, it might better to make a class in which these variables are local to.
That way you do not pollute the global namespace and have the need to use the global keywords in every function.
For example:
class MySite {
private $site;
private $admin;
private $dir;
private $ma_plug;
private $base;
function __construct($site, $admin, $dir, $ma, $base) {
$this->site = $site;
$this->admin = $admin;
//...
}
}
PHP $GLOBALS Suggestion
Is there any performance or security issues when doing this?
No, but it is a bad practice. Storing data in the global scope can be a sign of bad design. Excessive globals are a "code smell," but I'm not getting that from this specific use.
As mentioned in the comments, they seem to be abusing globals instead of implementing the Registry pattern, which is designed to allow for exactly this type of behavior without contaminating the global scope.
Many other languages don't actually have a global scope for variables, meaning that they'd have to use Registry (or something like it) instead. PHP just happens to make it easy to do the wrong thing.
Using a Registry rather than globals also can make it easier to perform automated testing on the code.
Why are global variables evil?
This has nothing to do with Python; global variables are bad in any programming language.
However, global constants are not conceptually the same as global variables; global constants are perfectly harmless. In Python the distinction between the two is purely by convention: CONSTANTS_ARE_CAPITALIZED and globals_are_not.
The reason global variables are bad is that they enable functions to have hidden (non-obvious, surprising, hard to detect, hard to diagnose) side effects, leading to an increase in complexity, potentially leading to Spaghetti code.
However, sane use of global state is acceptable (as is local state and mutability) even in functional programming, either for algorithm optimization, reduced complexity, caching and memoization, or the practicality of porting structures originating in a predominantly imperative codebase.
All in all, your question can be answered in many ways, so your best bet is to just google "why are global variables bad". Some examples:
- Global Variables Are Bad - Wiki Wiki Web
- Why is Global State so Evil? - Software Engineering Stack Exchange
- Are global variables bad?
If you want to go deeper and find out why side effects are all about, and many other enlightening things, you should learn Functional Programming:
- Side effect (computer science) - Wikipedia
- Why are side-effects considered evil in functional programming? - Software Engineering Stack Exchange
- Functional programming - Wikipedia
PHP : Difference of $_ENV and $GLOBALS
You should not use global variables at all and instead use dependency injection (i.e. pass all necessary data as function parameters), but if you have to, use $GLOBALS. $_ENV holds data from outside the PHP script passed by the system. While it may serve the purpose as a superglobal, that's not what it's meant for.
Related Topics
PHP Spl_Autoload_Register VS _Autoload
How to Validate Phone Number Using PHP
Checking If a String Contains an Integer
How to Enable Ssl in Wamp Server
Check If a File Was Included or Loaded
Allowing Users to Refresh Browser Without the "Confirm Form Resubmission" Pop-Up
PHP E-Mail Form Sender Name Instead of E-Mail
Using '$This' in an Anonymous Function in PHP Pre 5.4.0
Ios7 - Receipts Not Validating at Sandbox - Error 21002 (Java.Lang.Illegalargumentexception)
PHP Switch Case More Than One Value in the Case
How Download Big File Using PHP (Low Memory Usage)
PHP 5 Reflection API Performance
Mysql_Connect (Localhost/127.0.0.1) Slow on Windows Platform
Create Superglobal Variables in PHP
Class 'App\Http\Controllers\Db' Not Found and I Also Cannot Use a New Model