[PHP-DB] Undefined indicies

2004-12-26 Thread Peter Jay Salzman
Slightly off topic, I apologise.

Total newbie.  In many php DB tutorials I've seen, it's recommended to set
register_globals off, and error reporting to E_ALL.

When I looked at my system, register_globals was enabled and error reporting
was set to E_FATAL.  I changed them to the suggested values (off and E_ALL),
and all hell broke loose.  Clearly, I must not be very good at PHP yet.  ;)

First question:

register_globals is a matter of security, so that's definitely valuable to
turn off.  Is setting error reporting really useful if my aim is to become a
better PHP programmer?

I'm thinking along the lines of lint/splint, where this line of code in C:

   printf("hello world\n");

generates a useless warning because I'm not using printf()'s return value.
I'm wondering whether it's useful for a scripting language, like PHP, to
warn me when I use code like:


   if ( $_REQUEST['action'] == 'foo' )
      do_something();


when I don't access the URL with a ?action=foobar type request.

Should I change error reporting back to E_FATAL or is being this
compulsive about warnings good for me (and my security)?



Second question:

If being compulsive is good for me, what's the best way of handling
something like above?   From browsing php.net, I've thought of a few ways,
like a controlled suspension of compulsion:


   if ( @ $_REQUEST['action'] == 'foo' )
      do_something();

or, lord forbid:

   if ( isset($_REQUEST['action']) && $_REQUEST['action'] == 'foo' )
      do_something();

and also variations on a theme:

   if ( array_key_exists('action', $_REQUEST) )
      $action = $_REQUEST['action'];

   if ( isset($action) )
      do_something();


Personal preference must play into this, but I'm wondering what more
experienced PHP programmers do.  My code is riddled with this kind of thing.

Thanks (and sorry for the long winded / slightly off-topic post!)

Pete

-- 
The mathematics of physics has become ever more abstract, rather than more
complicated.  The mind of God appears to be abstract but not complicated.
He also appears to like group theory.  --  Tony Zee's Fearful Symmetry

GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] Undefined indicies

2004-12-26 Thread John Holmes
Peter Jay Salzman wrote:
> Slightly off topic, I apologise.

Yeah, you should ask this on php-general@lists.php.net

> Total newbie.  In many php DB tutorials I've seen, it's recommended to set
> register_globals off, and error reporting to E_ALL.

Good recommendations. Setting the error reporting to E_ALL is for when
you are developing your application. You'd want to turn off error
reporting (and log them to a file, for example) when it goes live.

> When I looked at my system, register_globals was enabled and error reporting
> was set to E_FATAL.  I changed them to the suggested values (off and E_ALL),
> and all hell broke loose.  Clearly, I must not be very good at PHP yet.  ;)
>
> First question:
>
> register_globals is a matter of security, so that's definitely valuable to
> turn off.

In your case, being a new programmer, yeah it's better to have it off.
Note that having register globals ON makes it easier for you to
introduce security issues into your code, especially if you're new. You
can program security with it ON or OFF, it just takes some experience.

> Is setting error reporting really useful if my aim is to become a
> better PHP programmer?

It is in my opinion. It'll help you during development to debug your code.

> I'm wondering whether it's useful for a scripting language, like PHP, to
> warn me when I use code like:
>
>    if ( $_REQUEST['action'] == 'foo' )
>       do_something();
>
> when I don't access the URL with a ?action=foobar type request.

In that specific example it may not be helping a lot. That's because you
know what's going on, though, and you know why the value isn't defined.
What if you're doing something like

if($something)

though. You're 100% sure $something is set to a known value so if it
really wasn't (for whatever reason), without error reporting telling you
it's undefined, you'd probably waste time troubleshooting something
else. Just one example, but either way it's going to help.

> If being compulsive is good for me, what's the best way of handling
> something like above?   From browsing php.net, I've thought of a few ways,
> like a controlled suspension of compulsion:
>
>    if ( @ $_REQUEST['action'] == 'foo' )
>       do_something();
>
> or, lord forbid:
>
>    if ( isset($_REQUEST['action']) && $_REQUEST['action'] == 'foo' )
>       do_something();

Why lord forbid? This is how you should do it. I mean, since you do
know what the issue is here, you could use the first method if you're
afraid of isset() or something. I do it the second way, but yeah, it's
personal preference.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals  www.phparch.com


Re: [PHP-DB] Undefined indicies

2004-12-26 Thread Zareef Ahmed
On Sun, 26 Dec 2004 15:47:54 -0500, John Holmes
[EMAIL PROTECTED] wrote:
> Peter Jay Salzman wrote:
> > Slightly off topic, I apologise.
>
> > if ( isset($_REQUEST['action']) && $_REQUEST['action'] == 'foo' )
> >    do_something();

Personally I prefer the use of isset(), as it makes sure that the value is
set before doing any type of operation on it.  Using @ is a dangerous
practice, as it just hides the errors.
And yes, error reporting ought to be E_ALL in a development environment.

zareef ahmed



-- 
Zareef Ahmed :: A PHP Developer in India ( Delhi )
Homepage :: http://www.zareef.net
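
Added example, not part of any message in this thread: the three ways of testing the request parameter discussed above, run under E_ALL against a request that has no ?action=, with a handler that counts the diagnostics each one raises. It goes one step beyond the thread by also restricting the value to an allow-list. It assumes PHP 7 or later; $request stands in for $_REQUEST, and the function names and allowed values are hypothetical.

```php
<?php
// Added illustration, not code from the thread. PHP 7 or later.
// $request stands in for $_REQUEST; names and the allow-list are hypothetical.
error_reporting(E_ALL);

$diagnostics = [];
set_error_handler(function (int $errno, string $errstr) use (&$diagnostics): bool {
    // The handler is called even for @-suppressed errors, so honour the
    // suppression by checking the reporting level currently in effect.
    if (error_reporting() & $errno) {
        $diagnostics[] = $errstr;
    }
    return true; // handled: do not fall through to PHP's own reporting
});

function bare(array $request): bool
{
    return $request['action'] == 'foo';   // raises a diagnostic when the key is absent
}

function suppressed(array $request): bool
{
    return @$request['action'] == 'foo';  // same lookup, diagnostic hidden by @
}

function checked(array $request): bool
{
    return isset($request['action']) && $request['action'] === 'foo';
}

// Beyond the thread: accept only known string values, because a request
// such as ?action[]=x delivers an array rather than a string.
function requested_action(array $request, array $allowed, string $default): string
{
    $action = $request['action'] ?? $default;  // ?? behaves like isset() ? value : default
    return (is_string($action) && in_array($action, $allowed, true)) ? $action : $default;
}

// Constructed inputs: a request without ?action=, then one with an array value.
foreach (['bare', 'suppressed', 'checked'] as $variant) {
    $diagnostics = [];
    $result = $variant([]);
    printf("%-10s result=%s diagnostics=%d\n", $variant, var_export($result, true), count($diagnostics));
}
$allowed = ['foo', 'list'];
var_dump(requested_action(['action' => ['x']], $allowed, 'list'));
var_dump(requested_action(['action' => 'foo'], $allowed, 'list'));
```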
