From: Shawn McKenzie

> Bob McConnell wrote:
>> In the first case, $a=5 creates a multi-typed variable. The
>> makes its best guess how the next two expressions should be
>> In both cases, they look a lot like an index into a character array
>> (string), and 'test' evaluates numerically to zero. Both are valid
>> offsets for a string, so no messages are generated.
>> In the second case, $a is explicitly declared as an array. This give
>> interpreter a lot more detail to work from. The two expressions are
>> an index and a key for the array. But both of them evaluate to
>> that have not been assigned, which raises a flag and creates the
>> warnings.
>> Such are the joys of loosely typed languages.
> Yes, this is what I was thinking as well, however:
> $a=5;
> print $a[0];   // if it is index 0 then it should print 5 yes?
> print $a[100]; // there is no index 100 so why no notice?

I'm assuming that the PHP interpreter works much like a C compiler. i.e.
It doesn't keep track of the size of strings. It knows that $a maps to a
memory location, and $a[100] maps to that location plus 100 characters.
As long as that is still a valid memory address for this process, it
doesn't see anything wrong. If it is outside the process memory, you are
more likely to get a General Protection Fault, or the equivalent OS

In security parlance, this is what is known as a buffer overflow error.
The application programmer is responsible for keeping track of string
sizes and insuring that indexes don't move past the end of the allocated
space. It is also why functions like snprintf should be used instead of

Bob McConnell

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to