[PHP] CGI PHP vs. FastCGI vs. mod_php vs. application server?

2011-10-12 Thread saeed ahmed 
greeting all,

As far as I know, there are different ways to write a PHP application:
- CGI, ie. the usual way : some PHP code in web pages, and the PHP
interpreter is loaded each time a PHP page is called
- FastCGI : apparently, the interpreter is loaded at boot time; the
application itself might also be compiled and loaded once
- mod_php : same as FastCGI?
- application server : the application is compiled and loaded once;
the application can either have its own web server, or use a web
server as front end, and only handle its own part

Any tips much appreciated, thank you.

--
Saeed Ahmed
Junior Software engineer
Codemate Ltd .
My Blog: saeedahmed.net

Re: [PHP] Re: files outside of documentRoot

2011-10-12 Thread Ricardo Martinez 
It works thx a lot =)



On Tue, Oct 11, 2011 at 5:26 PM, Bastien Koert  wrote:

> On Tue, Oct 11, 2011 at 11:00 AM, Ricardo Martinez 
> wrote:
> > Hi!
> >
> > i'm was checking, readfile(); and fpassthru();
> >
> > With easy examples, i can use it for show a pic in the screen and
> download a
> > file, from outside of documentRoot. It works fine.
> >
> > The problem that i have now, is, i need can work with it, inside of other
> > documents, but i'm getting all time error by the headers. ( already sendt
> > ... )
> >
> > Anyone knows how to use it for can call the files and work together with
> > other page ¿?
> >
> > Thanks
> >
> > On Sun, Oct 9, 2011 at 6:57 PM, Sean Greenslade  >wrote:
> >
> >>
> >> On Sun, Oct 9, 2011 at 9:52 AM, Ricardo Martinez  >wrote:
> >>
> >>> The files are, png, pdf and flv.
> >>>
> >>> Only users login can see or download it.
> >>>
> >>> thx ;>
> >>>
> >>> On Sat, Oct 8, 2011 at 11:16 PM, Shawn McKenzie  >>> >wrote:
> >>>
> >>> > On 10/08/2011 03:40 PM, Ricardo Martinez wrote:
> >>> > > Hi List!
> >>> > >
> >>> > > I need to access files outside the DocumentRoot.
> >>> > >
> >>> > > I've been looking for info and documentation, and I've read that it
> >>> can
> >>> > be
> >>> > > done using symbolic links and another way is by using headers.
> >>> > >
> >>> > > I want to know, what do you think, what is the best way, and if
> anyone
> >>> > knows
> >>> > > a good doc about of it.
> >>> > >
> >>> > > Thanks!!!
> >>> > >
> >>> >
> >>> > It depends on what you mean by "files".  Are they PHP files that need
> to
> >>> > be run, or images, or files that need to be downloaded by the user?
> >>> >
> >>> > For PHP, you would add the external dir to your include path.
> >>> >
> >>> > For images you can use a php file as the img src and that file sets
> the
> >>> > appropriate headers and uses readfile() to get and echo the image
> data:
> >>> > getimage.php?image=someimage.gif
> >>> >
> >>> > For download files you would do it in the same manner as for images:
> >>> > download.php?file=somefile.zip
> >>> >
> >>> >
> >>> > --
> >>> > Thanks!
> >>> > -Shawn
> >>> > http://www.spidean.com
> >>> >
> >>>
> >>> --
> >>> Ricardo
> >>> ___
> >>> IT Architect
> >>> website: http://www.pulsarinara.com
> >>>
> >>
> >>
> >> Sounds like the downloader php script would be perfect (what Shawn
> >> suggested). Have the script check the login status, then (if valid) send
> the
> >> proper headers for the file and read out the data with the script.
> >>
> >> --
> >> --Zootboy
> >>
> >> Sent from my PC.
> >>
> >>
> >
> >
> > --
> > Ricardo
> > ___
> > IT Architect
> > website: http://www.pulsarinara.com
> >
>
> For images and the like, I have a separate page that is called that
> handles the image and the headers needed
>
> In the page I have some thing like
>
> echo "";
>
> Then in the get-image.php page i have the code that gets the image
> from the db, outputs the appropriate headers and then outputs the
> image
>
> --
>
> Bastien
>
> Cat, the other other white meat
>



-- 
Ricardo
___
IT Architect
website: http://www.pulsarinara.com

Re: [PHP] How to know the path of `php.ini` used when call php.exe from CLI/command-line in Windows 7

2011-10-12 Thread Richard Quadling 
On 11 October 2011 19:40, Nam Gi VU  wrote:
> Hi every one,
> Currently when I call php --ini from CLI, I just see C:\Windows but search
> for this location, I cannot find any php.ini files.
> I'm stuck there - where is the php.ini file used by php.exe called from CLI
> as below
>
> *C:> php --ini*

The following documentation links are all relevant.

http://docs.php.net/manual/en/install.windows.manual.php
http://docs.php.net/manual/en/install.windows.commandline.php
http://docs.php.net/manual/en/configuration.file.php

-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CGI PHP vs. FastCGI vs. mod_php vs. application server?

2011-10-12 Thread Richard Quadling 
On 12 October 2011 09:19, saeed ahmed  wrote:
> greeting all,
>
> As far as I know, there are different ways to write a PHP application:
> - CGI, ie. the usual way : some PHP code in web pages, and the PHP
> interpreter is loaded each time a PHP page is called
> - FastCGI : apparently, the interpreter is loaded at boot time; the
> application itself might also be compiled and loaded once
> - mod_php : same as FastCGI?
> - application server : the application is compiled and loaded once;
> the application can either have its own web server, or use a web
> server as front end, and only handle its own part
>
> Any tips much appreciated, thank you.


Each of the SAPIs operate in different environments (though I suppose
CGI and FastCGI are going to nearly be swappable).

CGI - As you rightly say, is loaded on a per-request basis. There is
an overhead for every request to get PHP up and running prior to
processing the PHP script.

Fast-CGI - This requires some cooperation from the server. The server
will create a set of PHP instances (separate executable, not running
in the same memory space as the server) ready to receive the script.
This reduces the overhead that exists with CGI from request loading to
server startup/loading.

mod_php - I'm on Windows and have not used Apache. But I have used
ISAPI. I believe these operate in a similar fashion. In this instance,
the PHP interpreter is loaded as a module of the server, just like any
other module the server loads. Each PHP script is handled by a
separate PHP thread. These threads are NOT separate instances of PHP,
and are running within the same address space as the web server. As a
consequence, several features/issues exist. Chiefly for me was the
persistent database connections. As the same module of code is running
all the scripts, a script can (by the use of the appropriate
functions) get the database connection remembered between each script.
This allows faster connection to the DB for each script. There are
issues though. The connection is to the SERVER and not to the DB. The
remembered connection is based upon the server, the username and
password. If you use multiple databases on the same connection AND use
the selectDB functionality, the single remembered DB connection will
change DB. If this happens midscript, you could end up in a very
strange place. But, if you use qualified naming
(database_name.owner.table_name for an MS SQL example), then you will
be fine. Just remember select DB is just a shortcut for the connection
to use. It isn't part of the connection.

Application Server - Don't know.

You also have ...

CLI - Command line PHP scripting. You must manually invoke PHP with
the script name for it to run, though Windows has some useful features
to allow you to run a PHP script without having to declare the PHP
executable every time. I think the #! line is the Unix equivalent of
this feature, but isn't as complete as the Windows mechanism (IMHO) -
See http://docs.php.net/manual/en/install.windows.commandline.php for
additional details on this.

And as of 5.4, there is CLI Server. This is using PHP to run as a
listener on the HTTP port and passes requests to a simple, userland,
PHP-based routing script which will allow you to respond to PHP
requests. See http://docs.php.net/manual/en/features.commandline.webserver.php
for more details.

-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CGI PHP vs. FastCGI vs. mod_php vs. application server?

2011-10-12 Thread Mike Mackintosh 
Nice write up Richard

On Oct 12, 2011, at 7:06, Richard Quadling  wrote:

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Variable variable using constant

2011-10-12 Thread Marc Guay 
Hi folks,

Let's say that I have 2 constants

DEFINE('DESKTOP_URL_en', "http://www.website.com/index.php?page=home";); 
DEFINE('DESKTOP_URL_fr', "http://www.website.com/index.php?page=accueil";);  


and I would like to populate the value of an href with them depending
on the user's language.  $_SESSION['lang'] is either 'en' or 'fr'.
How would I go about referring to this variable?

I have tried:

${'DESKTOP_URL_'.$_SESSION['lang']};
${DESKTOP_URL'.'_'.$_SESSION['lang']};
{DESKTOP_URL'.'_'.$_SESSION['lang']};
etc, to no avail.

If it is a regular variable I'm fine, it's the CONSTANT_FORMAT that
seems to be causing my brain some issues.

Thanks,
Marc

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Variable variable using constant

2011-10-12 Thread Robert Williams 
On 10/12/11 11:51, "Marc Guay"  wrote:


>Let's say that I have 2 constants
>
>DEFINE('DESKTOP_URL_en', "http://www.website.com/index.php?page=home";);
>DEFINE('DESKTOP_URL_fr',
>"http://www.website.com/index.php?page=accueil";);
>
>and I would like to populate the value of an href with them depending
>on the user's language.  $_SESSION['lang'] is either 'en' or 'fr'.
>How would I go about referring to this variable?


Try:

   $var = constant('DESKTOP_URL_' . $_SESSION['lang']);


Regards,
Bob

--
Robert E. Williams, Jr.
Associate Vice President of Software Development
Newtek Businesss Services, Inc. -- The Small Business Authority
https://www.newtekreferrals.com/rewjr
http://www.thesba.com/







Notice: This communication, including attachments, may contain information that 
is confidential. It constitutes non-public information intended to be conveyed 
only to the designated recipient(s). If the reader or recipient of this 
communication is not the intended recipient, an employee or agent of the 
intended recipient who is responsible for delivering it to the intended 
recipient, or if you believe that you have received this communication in 
error, please notify the sender immediately by return e-mail and promptly 
delete this e-mail, including attachments without reading or saving them in any 
manner. The unauthorized use, dissemination, distribution, or reproduction of 
this e-mail, including attachments, is prohibited and may be unlawful. If you 
have received this email in error, please notify us immediately by e-mail or 
telephone and delete the e-mail and the attachments (if any).

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Variable variable using constant

2011-10-12 Thread Marc Guay 
>   $var = constant('DESKTOP_URL_' . $_SESSION['lang']);

Very nice, thank you.

Marc

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Local variable protection

2011-10-12 Thread Benjamin Coddington 
Are there any assurances that function local variables are protected from code 
calling the function?

For example, I would like to provide some cryptographic functions such as

function org_secure_string($string) {
$org_key = "a very random key";
return hash($string, $key);
}

function org_reveal_string($hash) {
$org_key = "a very random key";
return unhash($hash, $key);
}

I'd like to protect $org_key from any code following or using these functions.  
I've not yet found a way that it can be revealed, but I wonder if anyone here 
can give me a definitive answer whether or not it is possible.

Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Local variable protection

2011-10-12 Thread Ken Robinson 

Quoting Benjamin Coddington :

Are there any assurances that function local variables are protected  
from code calling the function?


For example, I would like to provide some cryptographic functions such as

function org_secure_string($string) {
$org_key = "a very random key";
return hash($string, $key);
}

function org_reveal_string($hash) {
$org_key = "a very random key";
return unhash($hash, $key);
}

I'd like to protect $org_key from any code following or using these  
functions.  I've not yet found a way that it can be revealed, but I  
wonder if anyone here can give me a definitive answer whether or not  
it is possible.


It's called the scope of the variable. See  
http://us3.php.net/manual/en/language.variables.scope.php


Variables defined in a function are only available to the function  
where they are defined.


Ken


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] creating php_bcompiler.dll

2011-10-12 Thread Peter Roth 
Hello,
 
I am trying to build php_bcompiler.dll on Windows 7 using Visual Studio 10. I 
can compile it OK, but it will not link. Below is the output of the build 
process. Does anybody have any idea on how to get past these link errors so 
that I can build the dll?
 
  php_bcompiler.c
C:\Users\Peter\Documents\Data\Development\Ponderosa Innovative 
Solutions\Code\php-5.3.8\main\../main/config.w32.h(189): warning C4005: 
'PHP_COMPILER_ID' : macro redefinition
  command-line arguments :  see previous definition of 'PHP_COMPILER_ID'
php_bcompiler.c(702): warning C4996: 'sscanf': This function or variable may be 
unsafe. Consider using sscanf_s instead. To disable deprecation, use 
_CRT_SECURE_NO_WARNINGS. See online help for details.
  c:\Program Files (x86)\Microsoft Visual Studio 
10.0\VC\include\stdio.h(325) : see declaration of 'sscanf'
  bcompiler.c
C:\Users\Peter\Documents\Data\Development\Ponderosa Innovative 
Solutions\Code\php-5.3.8\main\../main/config.w32.h(189): warning C4005: 
'PHP_COMPILER_ID' : macro redefinition
  command-line arguments :  see previous definition of 'PHP_COMPILER_ID'
bcompiler.c(60): warning C4996: 'strcat': This function or variable may be 
unsafe. Consider using strcat_s instead. To disable deprecation, use 
_CRT_SECURE_NO_WARNINGS. See online help for details.
bcompiler.c(61): warning C4996: 'strcat': This function or variable may be 
unsafe. Consider using strcat_s instead. To disable deprecation, use 
_CRT_SECURE_NO_WARNINGS. See online help for details.
bcompiler.c(76): warning C4996: 'strnicmp': The POSIX name for this item is 
deprecated. Instead, use the ISO C++ conformant name: _strnicmp. See online 
help for details.
  c:\Program Files (x86)\Microsoft Visual Studio 
10.0\VC\include\string.h(248) : see declaration of 'strnicmp'
bcompiler.c(637): warning C4996: 'sscanf': This function or variable may be 
unsafe. Consider using sscanf_s instead. To disable deprecation, use 
_CRT_SECURE_NO_WARNINGS. See online help for details.
  c:\Program Files (x86)\Microsoft Visual Studio 
10.0\VC\include\stdio.h(325) : see declaration of 'sscanf'
  bcompiler_zend.c
C:\Users\Peter\Documents\Data\Development\Ponderosa Innovative 
Solutions\Code\php-5.3.8\main\../main/config.w32.h(189): warning C4005: 
'PHP_COMPILER_ID' : macro redefinition
  command-line arguments :  see previous definition of 'PHP_COMPILER_ID'
bcompiler_zend.c(738): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(759): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(959): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(1216): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(1549): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(1698): warning C4018: '<' : signed/unsigned mismatch
  bcompiler_debug.c
C:\Users\Peter\Documents\Data\Development\Ponderosa Innovative 
Solutions\Code\php-5.3.8\main\../main/config.w32.h(189): warning C4005: 
'PHP_COMPILER_ID' : macro redefinition
  command-line arguments :  see previous definition of 'PHP_COMPILER_ID'
  Generating Code...
 Creating library Release\php_bcompiler.lib and object 
Release\php_bcompiler.exp
php_bcompiler.obj : error LNK2001: unresolved external symbol 
__imp__executor_globals_id
bcompiler.obj : error LNK2001: unresolved external symbol 
__imp__executor_globals_id
bcompiler_zend.obj : error LNK2019: unresolved external symbol 
__imp__executor_globals_id referenced in function _apc_deserialize_zvalue_value
php_bcompiler.obj : error LNK2019: unresolved external symbol 
__imp__ts_allocate_id referenced in function _zm_startup_bcompiler
php_bcompiler.obj : error LNK2001: unresolved external symbol 
__imp__compiler_globals_id
bcompiler.obj : error LNK2001: unresolved external symbol 
__imp__compiler_globals_id
Release\php_bcompiler.dll : fatal error LNK1120: 3 unresolved externals

[PHP] php_bcompiler.dll dependencies?

2011-10-12 Thread Peter Roth 
I am trying to build php_bcompiler.dll on Windows 7 using Visual Studio 10. I 
can compile it OK, but it will not link. I have posted the build output error 
messages in a previous post. I am wondering if building PHP from source code 
would produce some files that would help me get past the link errors.

[PHP] Building PHP on Windows 7 using Visual Studio 10

2011-10-12 Thread Peter Roth 
I am trying to build PHP from source code on Windows 7 using Visual Studio 10.  
I have tried to follow the procedure at
 
https://wiki.php.net/internals/windows/stepbystepbuild
 
I did not get very far and suspect that this procedure may need to be updated 
for people in my situation.  In particular, steps 6, 7, and 12 and beyond just 
don't work on my system.
 
Does anyone out there have an updated procedure that I could follow?
 
Also, is step #12 implying that I can build PHP without adding any other 
libraries to the "deps" folder?

[PHP] Re: [PECL-DEV] php_bcompiler.dll dependencies?

2011-10-12 Thread Ángel González 

Peter Roth wrote:

I am trying to build php_bcompiler.dll on Windows 7 using Visual Studio 10. I 
can compile it OK, but it will not link. I have posted the build output error 
messages in a previous post. I am wondering if building PHP from source code 
would produce some files that would help me get past the link errors.
If the problems arise because you are using a different compiler, 
recompiling php would certainly fix it.
Although if your problems appear before getting the dll, I'm not sure if 
that's the case.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: [PECL-DEV] php_bcompiler.dll dependencies?

2011-10-12 Thread Pierre Joye 
hi,

Which previous post? Also you have to use VC9 not VC10 to use your ext
against PHP releases. You can get it with the platform SDK 6.1

Cheers,

On Wed, Oct 12, 2011 at 10:51 PM, Peter Roth  wrote:
> I am trying to build php_bcompiler.dll on Windows 7 using Visual Studio 10. I 
> can compile it OK, but it will not link. I have posted the build output error 
> messages in a previous post. I am wondering if building PHP from source code 
> would produce some files that would help me get past the link errors.
>
>



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: [PECL-DEV] php_bcompiler.dll dependencies?

2011-10-12 Thread Ferenc Kovacs 
> Which previous post?

http://news.php.net/php.pecl.dev/8616


-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Local variable protection

2011-10-12 Thread Benjamin Coddington 
On Oct 12, 2011, at 4:24 PM, Ken Robinson wrote:

> Quoting Benjamin Coddington :
> 
>> Are there any assurances that function local variables are protected from 
>> code calling the function?
>> 
>> For example, I would like to provide some cryptographic functions such as
>> 
>> function org_secure_string($string) {
>>  $org_key = "a very random key";
>>  return hash($string, $key);
>> }
>> 
>> function org_reveal_string($hash) {
>>  $org_key = "a very random key";
>>  return unhash($hash, $key);
>> }
>> 
>> I'd like to protect $org_key from any code following or using these 
>> functions.  I've not yet found a way that it can be revealed, but I wonder 
>> if anyone here can give me a definitive answer whether or not it is possible.
> 
> It's called the scope of the variable. See 
> http://us3.php.net/manual/en/language.variables.scope.php
> 
> Variables defined in a function are only available to the function where they 
> are defined.

Yes, but scope does not necessarily protect a value.  Within a function globals 
are out of scope, but their values can still be accessed through $GLOBALS.

Many languages have little-documented reflection features.  I am concerned 
about a determined person being capable of discovering the value of a variable 
within a function that has already been defined.  Is there a way to this?  Is 
there a way to examine the input buffer, or anything that has been read into 
the interpreter so far?  Certainly those values exist within the memory of the 
process, which can be accessed through other methods.

I'd be very happy if anyone is able to say it is not possible to do this, and 
explain why.

Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Seâd - Contract Developer Contracts Available in Auckland and Hamilton - New Zealand

2011-10-12 Thread Paul Jenkins 
Hi PHPr's

I have a client looking for Contract developers.  Multiple requirements.

Work on enhancing the User Interface of a large and complex Web
Application product.

We are ideally looking for those with experience in developing and
deploying graphical user interfaces using Web based technologies.

Strong user interface design skills and excellent knowledge of HTML
and CSS.

Excellent web development skills in PHP and JavaScript, and ability to
master new development frameworks.

Having a background or experience in modern networking or
telecommunication technologies would be ideal.

Some additional skills include experience with the JQuery JavaScript
framework and CodeIgniter.

Any experience with C development, particularly in writing PHP
extensions would be highly sought after, but not a necessity.

Please send your details / current CV to me - p...@sead.co.nz and/or
call 09 3772047 / 027 7413905

Initial contract will be 3-6 months and should extend past this.
Rates are negotiable based on experience.  Starting ASAP.

Paul Jenkins
Account Manager
Seâd Ltd
www.sead.co.nz

027 741 3905
09 377 2047





Paul Jenkins

Account Manager

Seâd Ltd

www.sead.co.nz

+64 27 741 3905

+64 9 377 2047

Join me on LinkedIn http://www.linkedin.com/in/pjenkins  Follow me on
Twitter http://www.twitter.com/ITJOBSNZ 

Become a fan of Seâd on
Facebook

Check us out on
LinkedIn

Check out Seâd’s latest
jobs



[image: QR Code - Paul Jenkins.png]



[image: 
cid:image001.jpg@01CBDE67.C12164A0]

*Support us to drive positive change for NZ I.T.**
**www.gettingitright.co.nz*

Re: [PHP] Local variable protection

2011-10-12 Thread Tommy Pham 
On Wed, Oct 12, 2011 at 4:51 PM, Benjamin Coddington wrote:

> On Oct 12, 2011, at 4:24 PM, Ken Robinson wrote:
>
> > Quoting Benjamin Coddington :
> >
> >> Are there any assurances that function local variables are protected
> from code calling the function?
> >>
> >> For example, I would like to provide some cryptographic functions such
> as
> >>
> >> function org_secure_string($string) {
> >>  $org_key = "a very random key";
> >>  return hash($string, $key);
> >> }
> >>
> >> function org_reveal_string($hash) {
> >>  $org_key = "a very random key";
> >>  return unhash($hash, $key);
> >> }
> >>
> >> I'd like to protect $org_key from any code following or using these
> functions.  I've not yet found a way that it can be revealed, but I wonder
> if anyone here can give me a definitive answer whether or not it is
> possible.
> >
> > It's called the scope of the variable. See
> http://us3.php.net/manual/en/language.variables.scope.php
> >
> > Variables defined in a function are only available to the function where
> they are defined.
>
> Yes, but scope does not necessarily protect a value.  Within a function
> globals are out of scope, but their values can still be accessed through
> $GLOBALS.
>

Maybe you should read that [1] again and thoroughly analyze the given
example.  Any variable and its value within the function is only accessible
within _that_ function, unless you make a reference to a global variable.
Thus, the value is protected within the local scope inside that function,
which you're free to do as you wish within that same function.  As Ken
mentioned, you should revisit that section Ken provided in the official
manual.  BTW, your examples will generate errors as $key is not defined nor
did you reference it to a global variable within the functions.

If you still have any doubts, run the following code with all errors and
warnings enabled in the php.ini:

function org_secure_string($string) {
   $key = "a very random key";
   return hash($string, $key);
}

echo '';
var_dump($GLOBALS);

The use of var_dump is one of the best ways to confirm that what actually
happens is the _exactly_the_same_ as what you think should happen within
your code/application.


Many languages have little-documented reflection features.  I am concerned
> about a determined person being capable of discovering the value of a
> variable within a function that has already been defined.  Is there a way to
> this?  Is there a way to examine the input buffer, or anything that has been
> read into the interpreter so far?  Certainly those values exist within the
> memory of the process, which can be accessed through other methods.
>
> I'd be very happy if anyone is able to say it is not possible to do this,
> and explain why.
>
> Ben
>
>
Regards,
Tommy

[1] php.net/reserved.variables.globals