SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Zealot
    Join Date
    Dec 2008
    Posts
    124
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Best practises - undefined variables?

    Sometimes I'm not sure what is going to be in the $_POST array and what is not. As a result I often get a stack of "Notices" such as:

    Code:
    Undefined index: detail_level in /blah.php on line 58
    Is it okay to turn notices off and just not worry about it, or is it considered poor programming to leave these things?

    If it's not considered good, how do I get around it in the most elegant way possible?

    I've tried

    Code:
    if ($_POST["detail_level"]) // check if it exists
         ... // do my stuff
    But that just gives the same notice.

    Thanks

  2. #2
    SitePoint Mentor bronze trophy
    John_Betong's Avatar
    Join Date
    Aug 2005
    Location
    City of Angels
    Posts
    1,826
    Mentioned
    73 Post(s)
    Tagged
    6 Thread(s)
    try this:
    [php]

    if (isset($_POST["detail_level"])) // check if it exists
    {
    ... // do my stuff
    }else{
    echo 'Yes we have no $_POST["detail_level"]';
    }


    [/php/

  3. #3
    SitePoint Enthusiast webdesignhouston's Avatar
    Join Date
    Dec 2010
    Posts
    58
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Most advanced PHP frameworks/applications provide wrapper functions for accessing GET, POST, COOKIE and SESSION.

    Besides checking for is_set() or array_key_exists(), these functions can perform additional tasks such as cleansing of user input and other common sense chores. An example of this would be checking the magic_quotes_gpc setting and, if necessary, removing the slashes added by PHP.

    I suggest that you look at the API of any open source application and learn how they handle the GET/POST variables.

  4. #4
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,701
    Mentioned
    101 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by xgoannax View Post
    If it's not considered good, how do I get around it in the most elegant way possible?

    I've tried

    Code:
    if ($_POST["detail_level"]) // check if it exists
         ... // do my stuff
    But that just gives the same notice.
    The standard technique is to create a variable that will hold the value, check if the $_POST value exists, and if so, copy it to the created variable.

    Code php:
    $detail_level = '';
    if (isset($_POST['detail_level'])) {
        $detail_level = $_POST['detail_level'];
    }

    If you're PHP is version 5.2 or better, you can use filter_input instead

    Code php:
    $detail_level = filter_input(INPUT_POST, 'detail_level');

    which has some useful sanitizers and validators

    For example:

    Code php:
    $detail_level = filter_input(INPUT_POST, 'detail_level', FILTER_SANITIZE_STRING);

    or

    Code php:
    $detail_level = filter_input(INPUT_POST, 'detail_level', FILTER_VALIDATE_INT);
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •