Re: define()

On 16-06-2012 08:36, Karl DeSaulniers wrote:
> Quick question phprz. Is it ok to put a token inside a define() statement?
>
> IE:
> define('TOKEN', $sometoken);
>
> I guess what I am really after is if this can be read by a hacker?
> I may be misguided as to what define()'s parameters are.
> Once you define something it becomes a server variable?
> And server variables are easy to read/get ?
>
> If it is unsafe, what is the best method of storing/using a token so
> that it can be called at will?
> Kind of like a global, just more secure. Can you secure a define statement?
>
> TIA,
>
> Best,
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>
>

I don't think you understand what define does, or what a constant is.

The define function literally "defines" a constant. That is, it creates 
a constant in your script.
A constant isn't a server variable, it's not some kind of special global 
whatever.

A constant is a kind of variable, but which is constant; that is, it can 
not change value once set. Constants in PHP look like variables, only 
without the preceding $-mark. They are not inherently safer or better 
than normal variables.

Now, the question we would all like to pose is: "what are you trying to 
do?". You say you're looking for the best method of storing/using a 
token to be called at will. Then of course a good question would be 
"what do you mean by 'token'?" and what do you want to do with that 
'token'? Why is that 'token' so important to you?

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php