PHP :: Bug #23811 :: Global Varible Over Write

Bug #23811	Global Varible Over Write
Submitted:	2003-05-26 06:52 UTC	Modified:	2003-05-27 08:57 UTC
From:	LouisGreen at pljg dot freeserve dot co dot uk <LouisGr	Assigned:
Status:	Not a bug	Package:	Variables related
PHP Version:	4.3.1	OS:	Windows XP
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-05-26 06:52 UTC] LouisGreen at pljg dot freeserve dot co dot uk <LouisGr

It seems that when you wish to export a varible, you can do it as return $varible, return an array(), or globalise it. If you return something, information for that varible can only travel one way when the script is running, and that is out of the function. 

function fn() {
  $varible = "something";
  return $variable;
}

echo fn();
OR
$newvariable = fn();

Although if global was used, it creates a pointer to a varible, whether it existed or not, and makes whatever is globalised in the function linked to that global pointer. So if the pointer was global $varible, and then you set a value to $varible, it would then be accessible in the global scope. But what if later on in the script that global was redefine? This means that whatever is put into the global array, the information that is set in the pointer, can be set at any point (overiden). Here is an example that might make this a little clearer:

function fn1() {

   global $varible; // Pointer to the global array
   $varible = "something";
}

fn1();
echo $varible; // Prints something
$varible = "12345";
echo $varible; // Prints 12345

function fn2() {

   global $varible; // Pointer to the global array
   echo $varible;
}

fn2(); // echos $varible which contains "12345"

Basically with the global array, it can be set to refer to something already defined or set it to something, (a pointer) such as varible you plan to create in the function, and later possibly over ride the pointer with something else.

---------------------------------------------
This was originally posted in the manual, but was removed. I was notified of this via email, which suggested I do a bug report, or report it as a security flaw. I'm not sure which is best, so I entered in a bug report.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-05-26 11:01 UTC] sniper@php.net

http://www.php.net/manual/en/language.variables.scope.php

I can't see any bug nor security issue here either, it's
all up to the programmer how he/she uses this.

[2003-05-26 19:24 UTC] LouisGreen at pljg dot freeserve dot co dot uk

True, which is mainly why I wondered why it got removed from the comments in the manual. I think if a global is properly checked, then it shouldn't be an issue. Excepts, any varible is so easily overiden, its could easily be over looked. Is there an internal way PHP checks to see if a global varible already exists, before it gets overiden?

[2003-05-27 08:57 UTC] rasmus@php.net

You are describing a basic characteristic of every programming language out there.  Functions clobbering global variables.  PHP is the only language I know of which handles the problem of inadvertently clobbering globals by forcing you to declare when you want to clobber a global from inside a function.  And no, there is no automatic warning if the variable is already set.  If you want to check, call isset() on it first.  This is no different than asking if there is a warning on code like:

$a = 1;
$a = 2;

If we were to throw warnings every time you reassigned a variable you would drown in a sea of warnings.

As far as I am concerned this is explained adequately in the variable scope section and doesn't need further clarification.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Sun Mar 15 04:00:01 2026 UTC