Jump to content

Recommended Posts

Hi there,

 

I have a simple question to ask:

 

Say i have a PHP script:

<?php

  var_dump($undeclaredVariable);
  /* The output is NULL */

  if($a==$b)
  {
    if($c == $d)
    {
       $undeclaredVariable = TRUE;
    }
    else
    {
       $undeclaredVariable = FALSE;
    }
  }
  
   

  if($undeclaredVariable == TRUE)
  {
    echo 'the undeclared variable is TRUE';
  } 

  if($undeclaredVariable == FALSE)
  {
    echo 'the undeclared variable is FALSE';
  } 

?>

Reading the PHP Type Comparison Table:

 

$x = null;  boolean if($x)  = FALSE

 

Using the code above, I see the "the undeclared variable is FALSE", which is OK since it proves the PHP documentation.

 

But as you can see, if $a !=$b then the $undeclaredVarable will not be declared(defined). 

 

Is this an "OK" way to work this out? Or should I find a way to declare the variable whatever the case?

 

Thanks in advance,

 

Christos

Is this an "OK" way to work this out?

 

 

in programming, the best way of dong something requires knowing the context.

 

what are you actually doing, what problem are you having by doing it this way, and how many times in a program are you going to be doing it (if you have a set of data, you would use an array, and the coding would use a different method, than for one discrete variable)?

 

the best answer for your situation may be to always define the variable with a default value first. the best answer for your situation may be to use something like a ternary operator to define and give the variable a value if a set of conditions are true or a default value if the conditions are not true. the best answer for your situation may be to skip over all the code that's dependent on a variable if the conditions are not met.

Edited by mac_gyver

As mac_gyver points out, it's difficult to give decent advice with no idea of the code context. You could do

$undeclaredVariable = ($a == $b) && ($c == $d);

However, this assumes that there's no additional logic for when $a != $b but $c == $d, or $a == $b but $c != $d, and that there are no additional assignments or operations around the logic for the setting of $undeclaredVariable. Depending on what you're attempting to use $undeclaredVariable for, you'll probably want to set it to false before you start your nest of conditionals.

To add to mac_gyver's responsse:

 

The above "works" because PHP is a loosely typed language. In other words, it tries to make judgement calls on values that are not strictly the same. E.g.

if(1 == '1') { echo "TRUE"; }

will output TRUE even though the number '1' and the string '1' are not the same type of value. In your example above you have this

if($undeclaredVariable == FALSE)

The$undeclaredVariable is actually not defined, i.e. NULL. PHP will loosely compare that to FALSE. Depending on your error reporting level you might actually get a warning trying to compare that undefined variable.

 

So, you should either define a default for the variable first or if there is a chance a variable may not be set when you need to test it you could use the isset() function along with whatever trivial check you are doing

if(!isset($undeclaredVariable) || $undeclaredVariable == FALSE)

The isset() should come first. If that is true, then the code does not proceed to the OR condition and prevents the possible warning.

 

EDIT: Some additional points:

 

This page shows the difference between loose comparisons and strict comparisons in PHP: http://php.net/manual/en/language.operators.comparison.php

 

Here is some example code to illustrate

if(!isset($undeclaredVariable))
{
    echo 'the undeclared variable is not set';
}
if($undeclaredVariable == TRUE)
{
    echo 'the undeclared variable is INTERPRETED as a "TRUE" value: it is set and not null, not 0, not an empty string, not an empty array, etc.';
} 
if($undeclaredVariable === TRUE) //Note tripple equal signs ===
{
    echo 'the undeclared variable IS exactly the BOOLEAN "TRUE"';
}
if($undeclaredVariable == FALSE)
{
    echo 'the undeclared variable is INTERPRETED as a "FALSE" value: not set, is null, is 0, is an empty string or array, etc.';
}
if($undeclaredVariable == FALSE) //Note the !==
{
    echo 'the undeclared variable IS exactly the BOOLEAN "FALSE"';
}
Edited by Psycho

As to your original question: No, it's not OK to use potentially undefined variables, even if PHP still runs the code.

  • Using undefined variables triggers notices. Of course you may suppress or ignore notices, but then you're likely to miss actual bugs.
  • It's a security risk. If a variable isn't defined, an attacker may be able to inject their own value and manipulate the control flow of the program. This has happened with the infamous register_globals misfeature, and it's still happening with the extract() function.
  • It's extremely confusing and can lead to errors. For example, it's sometimes desirable or even necessary to do type-safe comparisons with the === operator. If the value is just “kinda false”, this comparison will fail.

Yes, PHP accepts and even encourages sloppy programming. But that doesn't mean you should do it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.