When and how to use constants in PHP?

I am currently programming a website (in PHP4). I plan on storing values that do not change at run time in constants. This is, for example, the version number of the login data for the database.

Question 1: Are there any security problems that may arise as a result of storing data in constants?

Currently, to define and call a constant, I am doing the following:

    define("VERSION", "1.0");
    echo "Current version: ".VERSION."."; // Result: "Current version: 1.0."

One thing annoys me: if a constant is not defined, the "incorrect" variable name is returned instead of NULL.

    define("VERSION", "1.0");
    echo "Current version: ".VERSIONXXX."."; // Result: "Current version: VERSIONXXX."

One of the solutions I found to get an error message and a return value of "NULL" when I accidentally enter the wrong constant name is to use the constant() function:

    define("VERSION", "1.0");
    echo "Current version: ".constant("VERSIONXXX")."."; // Result: "Current version: ."

Question 2: Is there another way to prevent PHP from returning the name of a nonexistent variable?

Question 3: Should a constant's value in PHP always be retrieved using the constant() function?

+7
3 answers

In reverse order:

Question 3: No.

Question 2: Not really, but you can make adjustments.

This is due to (Question 1:) error_reporting. You have configured the PHP web server to hide some errors. If you add

 error_reporting(E_ALL); 

to your script, you will get a

    Use of undefined constant MY_CONST - assumed 'MY_CONST'

error. Unfortunately, this is a problem arising from the long history of PHP: constants can be interpreted as strings.

If you cannot be sure that the constant was defined in the first place, you can use defined:

    if (defined('MY_CONSTANT')) {
        // do something
    }

But in my personal opinion there should not be many occasions where this is necessary, since the word constant alone implies a guaranteed presence. The only exception I can think of is a typical header test.

    if (!defined('MY_APP_IS_PRESENT')) {
        die('You can not call this file on its own, please use index.php.');
    }

And one last tip: go ahead and make an error handler function, maybe even with FirePHP?

+3
  • If you try to use a constant that does not exist, PHP automatically assumes that it is a string, so you see VERSIONXXX.

  • IIRC it issues a warning if you report errors at the appropriate level. The best solution here is to ensure that your code uses the correct constant names.

  • If you know the name of a constant, the easiest way is to use it directly: echo MY_CONSTANT
    If you do not know the name of the constant (for example, the name is in a variable), use constant():

        $name = 'MY_CONSTANT';
        echo constant($name);

+6

Well, you can always use the defined() function to make sure that a constant exists. Combined with a ternary expression, you can simply echo an empty string, something like:

    echo defined('VERSION') ? VERSION : ""; // defined() takes the constant's name as a string

Not the best answer, but workable?

The PHP manual for defined() is located at http://php.net/manual/en/function.defined.php

+1
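
The error handler suggested in the first answer and the defined() check from the last one can be combined so that a mistyped constant name (for example one holding database login data) stops the code instead of silently becoming a string or NULL. This is an added example, not code from any of the posters; it assumes PHP 5.2 or later, and the names strict_constant_handler and require_const are hypothetical.

```php
<?php
// Added example, not from the thread. Handler and helper names are hypothetical.
error_reporting(E_ALL);

// Turn PHP's "Use of undefined constant X - assumed 'X'" notice (a warning
// since PHP 7.2) into an exception so the bare name is never used as a value.
function strict_constant_handler($errno, $errstr, $errfile, $errline)
{
    if (stripos($errstr, 'undefined constant') !== false) {
        throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
    }
    return false; // everything else goes to PHP's normal error handling
}
set_error_handler('strict_constant_handler');

// Look a constant up by name and fail closed if it is missing, instead of
// getting NULL (plus a warning) back from constant().
function require_const($name)
{
    if (!defined($name)) {
        throw new RuntimeException("Required constant $name is not defined");
    }
    return constant($name);
}

define('VERSION', '1.0'); // constructed sample value

echo 'Current version: ' . require_const('VERSION') . ".\n";

try {
    echo 'Current version: ' . require_const('VERSIONXXX') . ".\n";
} catch (RuntimeException $e) {
    echo 'Refused: ' . $e->getMessage() . "\n";
}

try {
    echo 'Current version: ' . VERSIONXXX . ".\n"; // typo in a bare constant name
} catch (Exception $e) {   // ErrorException from the handler (PHP 5.2 to 7.x)
    echo 'Refused: ' . $e->getMessage() . "\n";
} catch (Error $e) {       // PHP 8 throws Error by itself for undefined constants
    echo 'Refused: ' . $e->getMessage() . "\n";
}
```

On a production site, write the message to the error log rather than echoing it to the visitor.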