A non-declared variable and boolean value

[tsangaris]

Hi there,

 

I have a simple question to ask:

 

Say i have a PHP script:

<?php

  var_dump($undeclaredVariable);
  /* The output is NULL */

  if($a==$b)
  {
    if($c == $d)
    {
       $undeclaredVariable = TRUE;
    }
    else
    {
       $undeclaredVariable = FALSE;
    }
  }
  
   

  if($undeclaredVariable == TRUE)
  {
    echo 'the undeclared variable is TRUE';
  } 

  if($undeclaredVariable == FALSE)
  {
    echo 'the undeclared variable is FALSE';
  } 

?>

Reading the PHP Type Comparison Table:

 

$x = null;  boolean if($x)  = FALSE

 

Using the code above, I see the "the undeclared variable is FALSE", which is OK since it proves the PHP documentation.

 

But as you can see, if $a !=$b then the $undeclaredVarable will not be declared(defined). 

 

Is this an "OK" way to work this out? Or should I find a way to declare the variable whatever the case?

 

Thanks in advance,

 

Christos

[mac_gyver]

Is this an "OK" way to work this out?

 

 

in programming, the best way of dong something requires knowing the context.

 

what are you actually doing, what problem are you having by doing it this way, and how many times in a program are you going to be doing it (if you have a set of data, you would use an array, and the coding would use a different method, than for one discrete variable)?

 

the best answer for your situation may be to always define the variable with a default value first. the best answer for your situation may be to use something like a ternary operator to define and give the variable a value if a set of conditions are true or a default value if the conditions are not true. the best answer for your situation may be to skip over all the code that's dependent on a variable if the conditions are not met.

Edited February 23, 2016 by mac_gyver

[maxxd]

As mac_gyver points out, it's difficult to give decent advice with no idea of the code context. You could do

$undeclaredVariable = ($a == $b) && ($c == $d);

However, this assumes that there's no additional logic for when $a != $b but $c == $d, or $a == $b but $c != $d, and that there are no additional assignments or operations around the logic for the setting of $undeclaredVariable. Depending on what you're attempting to use $undeclaredVariable for, you'll probably want to set it to false before you start your nest of conditionals.

[Psycho]

To add to mac_gyver's responsse:

 

The above "works" because PHP is a loosely typed language. In other words, it tries to make judgement calls on values that are not strictly the same. E.g.

if(1 == '1') { echo "TRUE"; }

will output TRUE even though the number '1' and the string '1' are not the same type of value. In your example above you have this

if($undeclaredVariable == FALSE)

The$undeclaredVariable is actually not defined, i.e. NULL. PHP will loosely compare that to FALSE. Depending on your error reporting level you might actually get a warning trying to compare that undefined variable.

 

So, you should either define a default for the variable first or if there is a chance a variable may not be set when you need to test it you could use the isset() function along with whatever trivial check you are doing

if(!isset($undeclaredVariable) || $undeclaredVariable == FALSE)

The isset() should come first. If that is true, then the code does not proceed to the OR condition and prevents the possible warning.

 

EDIT: Some additional points:

 

This page shows the difference between loose comparisons and strict comparisons in PHP: http://php.net/manual/en/language.operators.comparison.php

 

Here is some example code to illustrate

if(!isset($undeclaredVariable))
{
    echo 'the undeclared variable is not set';
}
if($undeclaredVariable == TRUE)
{
    echo 'the undeclared variable is INTERPRETED as a "TRUE" value: it is set and not null, not 0, not an empty string, not an empty array, etc.';
} 
if($undeclaredVariable === TRUE) //Note tripple equal signs ===
{
    echo 'the undeclared variable IS exactly the BOOLEAN "TRUE"';
}
if($undeclaredVariable == FALSE)
{
    echo 'the undeclared variable is INTERPRETED as a "FALSE" value: not set, is null, is 0, is an empty string or array, etc.';
}
if($undeclaredVariable == FALSE) //Note the !==
{
    echo 'the undeclared variable IS exactly the BOOLEAN "FALSE"';
}

Edited February 23, 2016 by Psycho

[Jacques1]

As to your original question: No, it's not OK to use potentially undefined variables, even if PHP still runs the code.

• Using undefined variables triggers notices. Of course you may suppress or ignore notices, but then you're likely to miss actual bugs.
• It's a security risk. If a variable isn't defined, an attacker may be able to inject their own value and manipulate the control flow of the program. This has happened with the infamous register_globals misfeature, and it's still happening with the extract() function.
• It's extremely confusing and can lead to errors. For example, it's sometimes desirable or even necessary to do type-safe comparisons with the === operator. If the value is just “kinda false”, this comparison will fail.

Yes, PHP accepts and even encourages sloppy programming. But that doesn't mean you should do it.