SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Addict Banana Man's Avatar
    Join Date
    Dec 2005
    Posts
    391
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Undefined Variables Notice

    I am curious to know if having undefined variables is a security risk when Register Globals is turned off? I am running a query to get page text for my site from a database and it all works fine. If however there is no row returned from my database if i try to get text for a page that doesn't exist for example i get Notice: Undefined Variables errors.

    It's not an issue for me unless there is an error somewhere and nothing gets returned from the database but i thought i should find out anyway.

    Thanks!

  2. #2
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    73 Post(s)
    Tagged
    0 Thread(s)
    Undefined variables means that you tried to use a variable without it having been defined a value. (Null is a value.)

    It's not a security risk directly; it may be an indication of an attempted security breach (or just a bad spambot)
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  3. #3
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,068
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    Add just before the point where you're grabbing the result set:

    PHP Code:
    $the_result_set=array(); 
    Note: "the_result_set" should be replaced with whatever you have named the array that the result set array.

    That will set the result set array so that it will still be an array albeit an empty one even if no rows were returned by a successful query. Then you can use empty() to determine if any rows exist in the result set.
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  4. #4
    SitePoint Evangelist
    Join Date
    Oct 2005
    Location
    Michigan, USA
    Posts
    434
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    It can sometimes lead to unintentional errors. It's not something people on the outside can use to do bad stuff (but that warning message may give them some clues on what they can do) but it could cause you to do the wrong thing yourself. I've seen stuff like this:

    PHP Code:
    $list = array( 12);
    foreach( 
    $list as $a ) {
      
    // something
    }

    // later in code...

    if( $some_check ) {
      
    $a count$some_list );
    }
    if( 
    $a ) {
      
    // $a is still set as 3 but you're intending something else here

    - Robert


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •