Global vars

Hi All,

I was just wondering what you lot would consider the correct way to pass $vars through a series of forms. Via Session vars, hidden form values or using the 'global' variable definition?

Cheers,

Enune

bcouldrey Commented:
I'd be inclined to pass it as a global variable. It's less likely to be tampered with than sending it through the querystring or form submit.

\Ben.
0
carchitect Commented:
I hope session is a very good idea to use, and there is not much difference between making a variable global or session.
Ben is right.
0
beachbum_boy Commented:
This response is pretty extensive and I hope doesn't go beyond what you require (or understand).

The various methods of passing data basically all have a place depending on your application and as such there are a couple of things to consider:

PHP Global Variables: uses cookies but pretty secure.
~~~~~~~~~~~~~~~~~~~~~

The php global variables use cookies (under a normal configuration). So this means that for the session variables to work the client must be willing to accept session cookies from your site.

This also means that if the variable was being passed across multiple servers the session cookies need to be tweaked to work. Basically under the normal setup for php a file on the server with a unique id identifies which cookies go with which clients. So obviously this will be a problem across multiple servers because both servers need to be able to access the cookie data AND know the cookie id. Incidentally you can get around this by using a mysql backend for your cookie data.

In theory it would be possible under some circumstances to forge a cookie and get the cookie details of somebody else. Although this would be pretty difficult.

Another issue with session variables is that earlier versions of PHP did not have session variables.

Form Hidden Variables: no cookies, somewhat insecure.
~~~~~~~~~~~~~~~~~~~~~~

The real advantage of passing form variables is that you don’t require cookies. Many people (including me) don’t allow cookies until something breaks and then I enable them as I choose.

Another advantage for some applications is that you can easily pass some variables in the url allowing skipping of some steps in a wizard for example without actually writing any code to handle this. Sure in the session variable case you could write code to allow this but with straight form vars it can happen automagically.

The main problem with form variables (related to the last advantage) is that even with POST forms the variable names are known simply by looking at the html generated. And as such can easily be forged.

You can get around these problems for some applications by checking the variable in your PHP code to make sure they are not going to cause anything crazy to happen. But generally if anything crazy is possible don’t use form variables.

Although I do use form variables a lot the main thing I hate about them is that you have to do all the lines for every hidden var in every form that they move through. This can be a tedious exercise of cut and paste.

Summary:
~~~~~~~~

So summing up, if you want something to be secure as possible use session variables. If security doesn't matter then form vars may be slightly more robust.

0
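
An added example (not part of beachbum_boy's answer or the original thread) of one way to detect forged hidden form variables when cookies are not available: the server attaches an HMAC to the hidden field and rejects any value whose tag does not verify. It goes beyond the variable checking the answer describes; the function names, the field name `state` and the key are assumptions.

```php
<?php
// Added example: carry wizard state in a hidden field, tagged with an HMAC
// so the server can detect altered values. All names here are hypothetical.
const STATE_KEY = 'replace-with-a-random-server-side-secret'; // placeholder key

// Serialise the state and append an HMAC-SHA256 tag computed over it.
function pack_state(array $state): string
{
    $json = json_encode($state);
    $tag  = hash_hmac('sha256', $json, STATE_KEY);
    return base64_encode($json) . '.' . $tag;
}

// Return the state array, or null if the field is malformed or was altered.
function unpack_state(string $field): ?array
{
    $parts = explode('.', $field, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $json = base64_decode($parts[0], true);   // strict: reject stray characters
    if ($json === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $json, STATE_KEY);
    if (!hash_equals($expected, $parts[1])) {  // constant-time comparison
        return null;
    }
    $state = json_decode($json, true);
    return is_array($state) ? $state : null;
}

// Render the hidden input for the next form in the series.
function hidden_input(array $state): string
{
    return '<input type="hidden" name="state" value="'
         . htmlspecialchars(pack_state($state), ENT_QUOTES) . '">';
}

// Constructed sample: step 1 stored a quantity, then the client edits the
// payload but can only reuse the old tag because it does not know the key.
$field  = pack_state(['step' => 2, 'qty' => 1]);
$forged = base64_encode('{"step":2,"qty":-5}') . '.' . explode('.', $field, 2)[1];

var_dump(unpack_state($field));   // untouched field
var_dump(unpack_state($forged));  // edited payload with the stale tag
```

The tag only proves the server produced the value: the contents are still readable by the client, an older valid field can be resubmitted, and each value still needs its own range check. Anything that must stay secret belongs in session variables instead.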
enune (Author) Commented:
Thanks for your opinion, all three of you!
The points were given to Beachbum_boy for having the most verbose answer :)

But my thanks go to all of you.

Cheers,
Enune.
0
bcouldrey Commented:
I was thinking that beachbum's answer was quite good too - made me aware of a few things that I hadn't previously considered. Thanks!

\Ben.
0