How to access superglobals in correct way?

Question

I'm discovering secrets of PHP. I've found one thing that I don't have answer to. I would like to access variables from super-global $_SESSION in class. Everything works but PHPMD engine to check mess in code is showing me issue.

I'm getting value from $_SESSION super-global this way

$value = $_SESSION["value"];

And I'm editting values of $_SESSION super-global this way

$_SESSION['value'] = "newValue";

PHPMD is showing me issue:

accesses the super-global variable $_SESSION.

So I'm finding another way how to edit and get values of super-global $_SESSION correctly.

I've tried to use filter_input, problem is that when I use INPUT_POST as type(argument 1), PHP shows me warning:

INPUT_SESSION is not yet implemented

Thanks for future answers :)

EDIT (Quotes from phpmd documentation)

Superglobals Since: PHPMD 0.2. Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Why are you mashing up three topics here? The language feature, filter_input limitations and in particular PHPMD are unreleated. — mario, Jul 17 '16 at 17:33
Look, I've described everything in question to let everyone know what do I want. It's hard to describe it without these 3 topics. I'm sorry that I mashed them in one question. Practically, I just want to know if there is any other way to access and edit $_SESSION super-global variable — UareBugged, Jul 17 '16 at 17:53
The first one is the correct and only way. PHPMD "showing an issue" is just that, an advisory (and not a very clever one). — mario, Jul 17 '16 at 18:00
I was thinking that, but you know, I was not sure, thats reason why I've created this question. Thanks for your time — UareBugged, Jul 17 '16 at 18:02

score 3 · Accepted Answer · answered Aug 04 '16 at 17:24

3

As the hint says, accessing the superglobals violates the encapsulation principle

A really basic approach would be:

class SessionObject
{
    public $vars;

    public function __construct() {
        $this->vars = &$_SESSION; //this will still trigger a phpmd warning
    }
}

$session = new SessionObject();
$session->vars['value'] = "newValue";

You can also have a look to the Symfony HttpFoundation Component for a full-fledged implementation

answered Aug 04 '16 at 17:24

dani g

489
3
5

1

So the final solution is to encapsulate as done in your example, AND suppress the warning? – Bjinse Sep 25 '18 at 08:03

score 1 · Answer 2 · answered Jul 17 '16 at 19:15

It's only a "bad pratice", you can still access to superglobals directly, if you are a fan on "best pratices", create a small class like that:

class Session{

    public static function put($key, $value){
        $_SESSION[$key] = $value;
    }

    public static function get($key){
        return (isset($_SESSION[$key]) ? $_SESSION[$key] : null);
    }

    public static function forget($key){
        unset($_SESSION[$key]);
    }
}

And use in that way:

Session::put('foo', 'bar');
$bar = Session::get('foo');
Session::forget('foo');

your code will still trigger the warning, but now in your class. — 8ctopus, Mar 04 '23 at 08:42

How to access superglobals in correct way?

2 Answers2