Passing variables in PHP from one file to another
So this is my code. Now how do I use $pubname in another file.
mysqli_select_db($connect,"membership");
$retname = "select username from users where email='$globalname' limit 1";
$rn = mysqli_query($connect,$retname) or die(mysqli_error($connect));
$name = mysqli_fetch_array($rn);
//connecting for mathcing username with fullname and displaying it
$pubname = mysqli_real_escape_string($name['username']);
include('profile.php');
echo 开发者_如何转开发$pubname;
and also is this code secure? I did that...does not work yet.
Include the file you would like the variable to be accessible within, like so
include('somefile.php')
and at the top of that file you might need put something like [depending on server configurations]
global $pubname
But in most cases you would not need to do this.
In regards to security, depending on how $pubname
is set, your query may or may not be prone to sql injection.
Note: There are other means to include()
files such as include_once()
, require()
and require_once()
, from php.net:
The documentation below also applies to require(). The two constructs are identical in every way except how they handle failure. include() produces a Warning while require() results in a Fatal Error. In other words, use require() if you want a missing file to halt processing of the page. include() does not behave this way, the script will continue regardless. Be sure to have an appropriate include_path setting as well. Be warned that parse error in required file doesn't cause processing halting in PHP versions prior to PHP 4.3.5. Since this version, it does.
To use $pubname
in another script, keep it as global variable. You don't need to echo it. (As caveat: global variables should be used sparingly, preferrably lumped into an array.)
As far as security is concerned: You should use mysqli_real_escape_string
rather on $globalname
right before you use it. And escape the $pubname
only right before you use that in the next query. As it looks now, you are encoding the output needlessly, but forgot to do escape the input - which _escape_string
is actually meant for.
to use pubname
in a nother file. first you have to include the file where pubname
was set/created.
then use include()
or require()
function to call it.
精彩评论