Hi all.
I have this little dilemma:
if (!$page) {
$page = 0;
}
Var is not defined before this script, but it is defined after $page= 0. For some reason when I do "error reporting ALL" in php script, it gives an "undefined variable error." It is either me going crazy or I am missing something. Can some one help.
Thank you.
When you turn the error reporting all the way up, PHP will report not just errors, but warnings and notices as well. 'undefined variable' is either a warning or notice. the idea being that you should never refer to a variable before you've initialized it because you might get unexpected results.
I feel the need to point out that even if someone has set $page to zero, that code will set it to zero all over again.
you could try this:
if (!isset($page)) {
$page = 0;
}
That would be used in the very specific case where the variable $page has not yet been defined in the current script. If there's a chance that it has been defined (as NULL or zero or something) then you could get a bit more elaborate.
if (!isset($page) || is_null($page)) {
$page = 0;
}
Thank you for your reply. It worked. I've upgraded my PHP from 4.0 to 4.3 running on Apache 1.3 still. I also realized that I had global variables turned on in ini file.
Is there a way to declare variables on the page without defining its value. I've looked on the net for a solution, but it seems that globals can be declared with $_session. Can some one help me on this one. Thank you.
You actually spent time upgrading from one outdated PHP version to another outdated PHP version? Why not get 5.3 while you're at it? And maybe Apache 2.0 as well.
And no, you can't. But why would you? if (isset($page)) is false until it's defined. Then it's true.
johanafm;10929642 wrote:You actually spent time upgrading from one outdated PHP version to another outdated PHP version? Why not get 5.3 while you're at it? And maybe Apache 2.0 as well.
And no, you can't. But why would you? if (isset($page)) is false until it's defined. Then it's true.
The reason because I am not upgrading is because I am running on windows and for some reason either Apache 2.0 or php 5 wont function properly on my PC - I've tried.
Also, when I do "error_reporting all ", I get errors saying that 5 or 6 variables are not registered. Could it be a security issue in the future when site is live? (I post vars through HTTP header mostly).
Sounds like you are using register_globals. This is where GET or POST vars from the query string or from a form are automatically turned into global vars in your scope. This is a security risk because it allows a malicious programmer to instantiate global vars in your script simply by adding them to the query string.
Generally speaking, if you are dealing with input from a browser, you should specifically reference $GET, $POST, or $_COOKIE in your script and you should validate that data before you do anything with it like putting it in a query or writing it to a file. If you don't, your script is at risk for hacker attacks.
sneakyimp;10929665 wrote:you should specifically reference $GET, $POST, or $_COOKIE in your script and you should validate that data before you do anything with it like putting it in a query or writing it to a file. If you don't, your script is at risk for hacker attacks.
Thanks once again. I am still learning to code with security precautions - especially if a web site going to deal with important information. So, when you say "reference $get, $post, $cookie and validate" what exactly do you mean? Where can I read about it? Hope it is not too much to ask.
Thank you.
You've probably seen URLs with values added in a query string like this:
http://domain.com/file.php?arg1=foo&arg2=barThe proper way to get at those vars is to reference $GET
echo "arg1's value is " . $_GET['arg1'];
echo "<br>";
echo "arg2's value is " . $_GET['arg2'];
register_globals is a setting in your PHP configuration which instructs PHP to create the global variables $arg1 and $arg2 in your script. This presents a security problem. Don't rely on register_globals. It has been deprecated in the latest versions of PHP and should not be used. Use $_GET instead.
Likewise if you define a form with method="post" then you should refer to $_POST for the values. Your form:
<form method="post" action="handler.php">
<input type="text" name="arg1" value="">
<input type="submit" name="submit" value="submit">
</form>
handler.php:
echo "arg1's value is " . $_POST['arg1'];
Okay. That makes sense, but I ran into the problem that $_GET does not function right on Apache running windows. It simply does not know what that variable is. Is there a workaround it? Thank you again.
if $GET is not defined, PHP is not working correctly. It's entirely feasible that $GET['some_var'] is not defined which would result in some sort of error being thrown, but $_GET should always be defined.
Unless of course someone had fun with unset($_GET);
Thanks sneakyimp and johanafm.
When I echo $_GET I get a plain word "Array." Is this normal?
Also, is registering vars this way a good idea:
if (!isset($page)) {
$page = "";
}
This way errors do not show up when E_ALL them.
Thanks a bunch again guys!
Yes it's normal. The only thing you can use echo on is strings. PHP's array to string conversion simply creates the string "Array", no matter what array is used.
Use print_r() to show array contents. Do note the option of print_r($array, non_false_value_to_return_instead_of_echo). For use in a webpage, echo '<pre>' and '</pre>' before and after the array to make line breaks work.
Again - very helpful thread. I appreciate your help!