"Proper" method of checking variables

Trs2988

Currently, I use a method that allows me to basically contain more than one script in one file. I'm sure a lot of people are familiar with this, but I'll give an example.

There's a forum script, forum.php which displays the list of topics. When you choose a topic, that would go to forum.php?action=viewthread, and when you post a new topic it would go to forum.php?action=post, etc. Very simple.

In order to accomplish this, I do:

$action = $_GET['action'];
if($action == 'viewthread') {
// display thread
}
elseif($action == 'post') {
// form to post new message
}
else {
// topic list
}

However, I've been reading up on security and one of the things I've read is that error reporting should be set to E_ALL. Now, I'd be the first to say that my coding is never really the "proper" way to doing things, and therefore PHP started spitting out notices all over the place. I've been working to fix them, but this is one I'm just scratching my head over. It keeps saying that $_GET['action'] is undefined. But how can I find out ahead of time if its undefined, without actually using the variable? Is there an easier way to accomplish what I'm trying to do, that wouldn't keep giving notices?

Also, more of a side question - is it actually worth it? Should be going through, and fixing my code so that it follows what PHP feels as "proper"?

Thanks for the help.

LordShryku

Well, that's showing up because you're setting a variable to it first. It'd really be done like this:

if(empty($_GET['action'])) {
   $action = $_GET['action'];
   if($action == 'viewthread') {
      // display thread
   }
   elseif($action == 'post') {
      // form to post new message
   }
   else {
      // topic list
   }
}
else {
   // display default, no action page
}

Use [man]empty[/man] or [man]isset[/man] to check.

As far as whether it's worth it, I'd say it depends on a few things.
1) Do you own the server and will you always own the server? It's up to the owner to set levels of toleration and keep php up to date. But if you own it and want to run backdated versions of php to keep code intact, that's your call.

2) How much code do you have? If you have to go through 20 million lines of code for this, it might be more work than it's worth.

If you ask me, keeping code "proper" is very important. It gives you a lot more solidity for newer versions of php.

Trs2988

Of course, I should have known the solution would be that simple 🆒

Actually, though, I thought that even using the variable name in the empty() function would throw a notice. Shows what I know.

(Also, I'm assuming you meant that to be !empty, because otherwise you'd only be checking the value of $action if it were empty 😃 )

As for the "is it worth it question," I'm not really sure what you meant in number 1. For what it's worth, I'm currently renting hosting space. But I'm not quite sure what that has to do with it. Let's put it this way, from what you said I'm not sure if owning the server means I should or should not use proper PHP.

As for #2, that's not a problem. It's about 20,000 lines of code, but at this point I'm going through it and recoding most of it anyway, for multiple reasons that I'm not getting into here. So if the only reason I wouldn't do it is "because its a headache," then I might as well do it.