[SOLVED] php undefined variables

[NikkiLoveGod]

Hi!

 

I was thinking, that is it considered to be bad programming design, if I use undefined variables in my code. And do they pose me to some security threats?

 

I would use undefined variables like while echoing stuff. Say I have a "add_news_view" that I want to combine with edit news, and making it edit view, I would just have to populate the form in it. So there would be something like <input type="text" name="header" value="<?= $data['header'] ?>" /> and if I am adding news, those are empty, and if I am editing, I just provide it with the data array that has those values.

 

Or the question might be more of "empty variables" rather than undefined. Both? So what do you recon?

 

Thanks alot!

 

-NikkiLoveGod

[trq]

Yes. Attempting to use undefined variables is bad practice. You should always program with error reporting set to E_ALL, this will ensure all your variables are defined or you will get warnings.

[NikkiLoveGod]

I kinda thought so too. And I am using it, so I know when I have used one. But does it pose some security threat?

 

And what would you recommend doing in that kind of situation? I wouldn't like to make two separate views for adding and editing, especially when there is practically no other difference, than the fact that there is the values. And I think there are a lot of similar cases.

 

I find it a lot worse to have something like if(isset($var)) ? echo $var : echo ''; on some value field.

 

note: yea, I know the example sucks but anyways :DD

[trq]

But does it pose some security threat?

 

Not unless you have register_globals enabled.

 

I find it a lot worse to have something like if(isset($var)) ? echo $var : echo ''; on some value field.

 

Its up to you I guess. You can either program well, or hack scripts together.

[corbin]

Or you can just always set defaults.

 

 

For example, when I get input data, I usually set stuff like (short, concise example):

 

$var = (isset($_POST['var'])) ? trim($_POST['var']) : '';

 

 

Then, $var is never empty.

 

 

 

Why do you have variables that are never set?  Where do they come from?

[NikkiLoveGod]

I am imagining a case, where I have made the program by mvc "pattern"(?) and have different views for different things.

 

Like I have a news section that has a newsModel, newsController, newsView. newsController checks the current "method" or action we want to do, and tells the newsView to load it. Now the add_news and edit_news views would be identical to eachother in all other parts, than the form values. So I wouldn't want to create two different template files for adding and editing, where I would have to repeat the same code.

 

So it is just a lot easier to echo some variables inside the template, and then when I am editing, I just provide the variables some values.

 

The values would be inputted to the view by the controller, and the controller would get it from the model, which would then have a method there that would get the data from a database.

 

To get rid of the warning, i might be able to define magic method __call and check if the var is defined, and if it isnt, put '' in there so it is atleast defined. Or does __call affect just another methods?

 

So, did you get anything out of it? What do you recommend?

[corbin]

You could probably try to use __get.

 

 

 

I would just set them to defaults though, unless there are like 5000 fields.

 

 

 

Oh, semi-side note, you can always do:

 

echo (isset($var)) $var : '';

 

 

Not much better than an if, but a little shorter.

[NikkiLoveGod]

Ok, i'll try and see what the __get does for me.

 

Anyhow, its clear that I need to put up some default values for them, either by hand or by __get thingy.

 

Thanks alot for all of you guys!