Do I need to declare my variables to be secure?

Do I need to declare my variables to be secure? I read that I should, but I don’t know if this holds true if register_globals is turned off. Any advice here? Would declaring each variable protect against any known vulnerabilities in php 5.3+?

Not exactly the same topic, but there’s a thread with a subject very close to this one going on at the moment. You may want to take a look at http://www.sitepoint.com/forums/showthread.php?799193-How-strict-are-you-in-initialising-your-variables :slight_smile:

Thanks for the link. I read the thread and it seems to be aimed more toward best practices, while I am more interested in security. They do usually overlap, but sometimes they do not, as a “best practice” can often take efficiency into account which can sidestep some security issues. I’m wondering if there was any known vulnerability in PHP if you do not declare a variable, and if so, if someone could point out a situation that this might be the case. (I’m not very good yet, so be clear!)

More secure? Most likely not. But it is best practice and certainly not less secure, so you should just initialize all your variables :slight_smile: