在Drupal中使用“全局”用户是危险的吗？

I always hear using global variables are dangerous. Does this apply to Drupal? Take a look at the following example:

function myFunction($bla) {
   global $user;
   if (isAuthenticated($user->uid)) {
        print $secretCode;
   }

}

Can this be hacked?

Global variables can be dangerous for many reasons, some of which include:

1. Clutters namespaces
2. It makes maintenance difficult and encourages monkeypatching, as global variables can be modified from anywhere
3. They are not referentially transparent
4. In memory-managed languages, global variables can become the source of memory leaks
5. They make debugging especially difficult in large applications/sites, as it can be difficult to track down where they are being set and modified.

Nothing is particularly threatening about your use case. It should be fine. If you're very scared, you can ensure that $user->uid is an integer before evaluating:

function myFunction($bla) {
   global $user;
   if( is_int($user->uid) ){
      if (isAuthenticated($user->uid)) {
         print $secretCode;
      }
   }
}

But this is probably unnecessary.

No. If you are using session_register, it's possible for an SQL injection. Since that's an ancient method, in PHP 4. Although, a lot of people still use it.