Home/ Questions/Q 6375925
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T01:40:44+00:00

I have a question about PHP require() function. I have a PHP script called

  • 0

I have a question about PHP require() function. I have a PHP script called (login.php) and on that (login.php) I use various require() functions to get heavy PHP coded scripts to work on that original script (login.php).

However I noticed on a require() script I can access local variables defined on the original (login.php). However the problem is say on that required script I have another require() function then those variables originally defined on (login.php) are lost (ie if I do an isset() says they are not set?). So how do you get around this require() within require() problem?

Any ideas perhaps using $_SESSION or $GLOBALS variables instead? I know about $_SESSION variables but are $GLOBALS variables secure?

Below is short example of script var set on (login.php)

if(!isset($header_displayed))
    {
        echo "<div id='header'>
            <div id='logo'></div>
        </div>";
        $header_displayed=1; 
    }

Then this script is called from above (login.php) using require()

if(!function_exists('writeErrors'))
    {
        function writeErrors($error,$host_details,$date,$page,$line) 
        {
            require("/home/darren/crash_msg/error_msg.php");
        }
    }

And then on error_msg script called the $header_displayed var is not set?

From feedback seems using require() within function will restrict all global vars. So you have to do this:

    if(!function_exists('writeErrors'))
    {
        function writeErrors($error,$host_details,$date,$page,$line, add var paramters that you need ie $header_displayed) 
        {
            /*log SQL stuff*/
            $display_error_msg=1;
require("/home/darren/crash_msg/error_msg.php"); /*now header_displayed var set on this script*/
        }
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    According to your comment, you call require() inside a function. Therein lies your problem. When you include/require inside a function, then the included script inherits the scope of that function, which does not include the global variables defined in either your login.php script or the first script included by login.php.

    It is best practice with globals to always call them as $GLOBALS['varname']. Note it isn’t $_GLOBAL, but its own unique oddity.

    Regarding security, it isn’t any less secure to use $GLOBALS than anything else as long as register_globals is turned off (and it really really should be). It is just considered to be a sloppy practice to rely too much on globals, particularly on globals defined in other scripts.

    It is typically better to pass the only the values needed as parameters to functions, or to store variables you know you will need all the time in $_SESSION.

    It is not recommended to ever call an included file inside a function, since when reading the included file by itself you have no context for the scope it runs in. You would assume it executes in the global scope, but that is incorrect. To whatever degree possible, it is recommended to refactor your code to avoid including inside a function. For example, whatever executes inside the included file should be wrapped in a function with the needed global vars passed to it as parameters. Call that function in place of the require().

    • 0