
Hi phpfreaks!!

I've been wondering... Sometimes I get "Notice: Undefined variable: .... " I usually do an error_reporting(0); or define it like $blabla = ""; somewhere in the beginning of my script. How bad is an Undefined variable? The script still works. I just don't want any errors at all.

:)

At best, it's bad programming practice to reference variables that haven't been initialised.

At worst, your script won't work. See trivial example below. I recommend you use error_reporting(E_ALL) when developing your scripts.

Example

<?php
include 'db.php';

error_reporting(E_ALL);

if (isset($_POST['username']))
{
    // escape the value before it goes into the query string
    $username = mysql_real_escape_string($_POST['username']);
    $password = $_POST['password'];
    $sql = "SELECT password FROM users WHERE username = '$username'";
    $res = mysql_query($sql);
    if ($row = mysql_fetch_row($res))
    {
        if ($pasword == $row[0])                            // undefined variable - never logs in
        {
            exit("Login successful");
        }
    }
}
?>
<form method='post'>
    Username <input type="text" name="username" size="12"> <br>
    Password <input type="text" name="password" size="12"> <br>
    <input type="submit" name="btnSubmit" value="Log in">
</form>

> At worst, your script won't work. See trivial example below. I recommend you use error_reporting(E_ALL) when developing your scripts.

And turn them off when the script is running on a live site. Expose as little information as possible to potential attackers.

The display_errors setting should be used on a live server to prevent the display of errors, but error_reporting should be left as E_ALL. This still allows error logging to show unexpected conditions, such as un-caught conditions with data verification that you might need to address in your code (maybe a search script keeps failing because commonly entered values are causing notices/warnings) or things like a hacker submitting deliberately invalid data to your script to see if he can break in. When warnings or notices are disabled, you don't have any record of what went wrong.
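The live-server setup described in the post above, as an added example that is not part of the original thread. The log path is a hypothetical placeholder, and the handler that attaches the client address and request URI to each entry is an assumption about how one might make repeated probing visible in the log.

```php
<?php
// Added example: live-server error configuration (not code from the thread).
const LOG_FILE = '/var/log/php/app-errors.log'; // hypothetical path, must be writable

error_reporting(E_ALL);          // keep reporting everything, notices included
ini_set('display_errors', '0');  // never render error text to visitors
ini_set('log_errors', '1');      // fatal errors still reach the log via PHP itself
ini_set('error_log', LOG_FILE);

// Non-fatal errors (notices, warnings) pass through this handler so each
// entry records who triggered it and on which request.
set_error_handler(function (int $errno, string $errstr, string $file, int $line): bool {
    if (!(error_reporting() & $errno)) {
        return false; // suppressed with @ or excluded by error_reporting
    }
    $ip  = $_SERVER['REMOTE_ADDR'] ?? 'cli';
    $uri = $_SERVER['REQUEST_URI'] ?? '-';
    // Replace control characters so a crafted URI cannot forge extra log lines.
    $uri = preg_replace('/[\x00-\x1F\x7F]/', '?', $uri);
    error_log(sprintf('[errno %d] %s in %s:%d ip=%s uri=%s',
        $errno, $errstr, $file, $line, $ip, $uri));
    return true; // handled here; PHP's built-in handler is skipped
});

// The typo from the example earlier in the thread: the visitor sees nothing,
// but the log gets an "Undefined variable" entry pointing at this line.
$password = 'constructed-sample-value';
if ($pasword == 'constructed-sample-value') {
    echo "Login successful";
}
```

A run of entries from one address with varying URIs or parameters is the kind of record the post says is lost when notices and warnings are disabled.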
