
Reason behind this issue:

Relying on the default value of an uninitialized variable is insecure when one file is included into another that uses the same variable name. It is also a major security risk with register_globals turned on. An E_NOTICE level error is raised when working with uninitialized variables, but not when appending elements to an uninitialized array. The isset() language construct can be used to detect whether a variable has already been initialized. Additionally, and more ideal, is the solution of empty(), because it does not produce a warning or error message if the variable is not initialized.

Solution:

Methods to eradicate this issue:

Method 1:

Declare your variables, for instance when you attempt to append a string to an undefined variable. Otherwise, use isset() / !empty() to check whether they are declared before referencing them, as in:

//Initializing variable
$value = ""; //Initialization value; Examples
             //"" When you want to append stuff later
             //0  When you want to add numbers later
//isset()
$value = isset($_POST['value']) ? $_POST['value'] : '';
//empty()
$value = !empty($_POST['value']) ? $_POST['value'] : '';

This has become much cleaner as of PHP 7.0; now you can use the null coalesce operator:

// Null coalesce operator - No need to explicitly initialize the variable.
$value = $_POST['value'] ?? '';

Method 2:

Set a custom error handler for E_NOTICE and redirect the messages away from the standard output:

set_error_handler('myHandlerForMinorErrors', E_NOTICE | E_STRICT);

Method 3:

You can disable E_NOTICE from reporting. A quick way to exclude only E_NOTICE is:

error_reporting( error_reporting() & ~E_NOTICE );

Method 4:

Check whether the index exists before you access it. For this you can use isset() or array_key_exists():

//isset()
$value = isset($array['my_index']) ? $array['my_index'] : '';
//array_key_exists()
$value = array_key_exists('my_index', $array) ? $array['my_index'] : '';

Method 5:

The language construct list() may generate this when it attempts to access an array index that does not exist:

list($a, $b) = array(0 => 'a');
//or
list($one, $two) = explode(',', 'test string');

Hopefully, following these methods, you will be able to solve your problem.

posted Jun 28 in php 12,840 points
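
An added example, not part of the original answer, that combines Methods 1, 2, 4 and 5 in one script: minor errors are written to a log file instead of the page, and input is read without touching undefined indexes. The handler name `logMinorError`, the helper `inputString`, the log path and the sample `$post` array are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical log path chosen for this example.
const MINOR_ERROR_LOG = '/tmp/php-minor-errors.log';

// Method 2: send minor errors to a file, away from the standard output.
function logMinorError(int $errno, string $errstr, string $errfile, int $errline): bool
{
    $line = sprintf("[%s] level=%d %s in %s:%d\n", date('c'), $errno, $errstr, $errfile, $errline);
    error_log($line, 3, MINOR_ERROR_LOG); // message type 3 = append to the given file
    return true; // handled: PHP's built-in handler is skipped, nothing reaches the page
}

// PHP 7 reports undefined variables and indexes as E_NOTICE, PHP 8 as E_WARNING,
// so the handler is registered for both levels.
set_error_handler('logMinorError', E_NOTICE | E_WARNING);

// Methods 1 and 4: read a request field with a default instead of an undefined index.
function inputString(array $source, string $key, string $default = ''): string
{
    $value = $source[$key] ?? $default;
    // A client can send value[]=x, which arrives as an array; fall back to the default.
    return is_string($value) ? $value : $default;
}

// Constructed sample input standing in for $_POST.
$post = ['value' => 'hello', 'note' => null];

$value   = inputString($post, 'value');
$missing = inputString($post, 'missing');

// isset() treats a key that holds null as absent; array_key_exists() does not.
var_dump(isset($post['note']), array_key_exists('note', $post));

// Method 5: pad the array so list() always finds both indexes.
list($one, $two) = array_pad(explode(',', 'test string'), 2, '');

// A deliberate read of an undefined key: the message goes to the log, not the output.
$oops = $post['nope'];

echo "value={$value} missing={$missing} two={$two}\n";
```

Unlike Method 3, this keeps a record of every undefined-variable or undefined-index access, so the underlying bug can still be found and fixed.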