Passing variables in PHP from one file to another

Question

So this is my code. Now how do I use $pubname in another file.

mysqli_select_db($connect,"membership");
$retname = "select username from users where email='$globalname' limit 1";
$rn = mysqli_query($connect,$retname) or die(mysqli_error($connect));
$name = mysqli_fetch_array($rn);
    //connecting for mathcing username with fullname and displaying it
$pubname = mysqli_real_escape_string($name['username']);

include('profile.php');

echo $pubname;

and also is this code secure? I did that...does not work yet.

You don't need to escape strings FROM the database. – Babiker Dec 31 '10 at 20:03 — Babiker, Dec 31 '10 at 20:03

Sandwich · Accepted Answer · 2013-10-10T00:29:32.310

Include the file you would like the variable to be accessible within, like so

include('somefile.php')

and at the top of that file you might need put something like [depending on server configurations]

global $pubname

But in most cases you would not need to do this.

In regards to security, depending on how $pubname is set, your query may or may not be prone to sql injection.

Note: There are other means to include() files such as include_once(), require() and require_once(), from php.net:

The documentation below also applies to require(). The two constructs are identical in every way except how they handle failure. include() produces a Warning while require() results in a Fatal Error. In other words, use require() if you want a missing file to halt processing of the page. include() does not behave this way, the script will continue regardless. Be sure to have an appropriate include_path setting as well. Be warned that parse error in required file doesn't cause processing halting in PHP versions prior to PHP 4.3.5. Since this version, it does.

score 1 · Answer 2 · answered Dec 31 '10 at 20:04

To use $pubname in another script, keep it as global variable. You don't need to echo it. (As caveat: global variables should be used sparingly, preferrably lumped into an array.)

As far as security is concerned: You should use mysqli_real_escape_string rather on $globalname right before you use it. And escape the $pubname only right before you use that in the next query. As it looks now, you are encoding the output needlessly, but forgot to do escape the input - which _escape_string is actually meant for.

score 0 · Answer 3 · answered Dec 31 '10 at 20:00

0

to use pubname in a nother file. first you have to include the file where pubname was set/created.

then use include() or require() function to call it.

answered Dec 31 '10 at 20:00

andrewk

3,721
4
30
37

Passing variables in PHP from one file to another

3 Answers3

Linked