Trouble using a file to populate a variable used in some custom SQL queries

[mc12345678]

Have a file that defines a variable as an array. During sequence of loading the application_top, the variable is loaded from an extra datafiles folder file. It appears that the variable is not in scope unless the global command is used for that particular variable. So instead of counting on the variable not being modified between loading and being used, because it will be used in a SQL statement after being imploded, I thought I would bring it in scope and fresh by using a require_once load command, that seems to not load the file (seems that even though not currently in scope, has already been loaded). I haven't had an opportunity yet to try just a require command, but that lead me to thinking if I was trying to validate my data sufficiently before sending it to be processed.

I guess looking for some "validation" on performing the above to try to not reinvent the variable, maintain it's value, prevent injection. Did I miss the boat and is it really that the variable is tobe retrieved through some other command or would I still need to validate the data in some waybefore imploding it?

[DrByte]

If the content of this "variable" is expected to NEVER change, use a constant instead. Constants are universal in scope by default (with minor exceptions that seemingly are not relevant in your scenario), and can never be changed once defined.

[mc12345678]

If the content of this "variable" is expected to NEVER change, use a constant instead. Constants are universal in scope by default (with minor exceptions that seemingly are not relevant in your scenario), and can never be changed once defined.

As far as my use of the "variable" yes, a constant would be the preferred (which come to think of it is somewhat a surprise that it's not already). I am building off of the existence of one plugin in another, so am not looking to directly change the first plug-in if I can avoid it (and not sacrifice too much computer resources and definitely not sacrifice security).

It does seem though that to define the array as a constant would be a bit of a burden on the programmer(s) as well (just saying it's end use is not as "simple" or maybe it's that itis not as standard.) All that said, I probably would change the arrayed variable to a constant or develop a different way to consider the list of items as a constant that could be checked against.

As for my above approach to getting the declared array into scope where I wanted to use it, I ended up using a require command and had to use the "correct" file, as one instance of the file called the other using a require_once command. As that file had been previously loaded (though at a point "above" the current use of the contained variable) made the variable non-reachable without the use of a global call.