Undefined Variables Notice

I am curious to know if having undefined variables is a security risk when Register Globals is turned off? I am running a query to get page text for my site from a database and it all works fine. If however there is no row returned from my database if i try to get text for a page that doesn’t exist for example i get Notice: Undefined Variables errors.

It’s not an issue for me unless there is an error somewhere and nothing gets returned from the database but i thought i should find out anyway.


Undefined variables means that you tried to use a variable without it having been defined a value. (Null is a value.)

It’s not a security risk directly; it may be an indication of an attempted security breach (or just a bad spambot)

Add just before the point where you’re grabbing the result set:


Note: “the_result_set” should be replaced with whatever you have named the array that the result set array.

That will set the result set array so that it will still be an array albeit an empty one even if no rows were returned by a successful query. Then you can use empty() to determine if any rows exist in the result set.

It can sometimes lead to unintentional errors. It’s not something people on the outside can use to do bad stuff (but that warning message may give them some clues on what they can do) but it could cause you to do the wrong thing yourself. I’ve seen stuff like this:

$list = array( 1, 2, 3 );
foreach( $list as $a ) {
  // something

// later in code...

if( $some_check ) {
  $a = count( $some_list );
if( $a > 0 ) {
  // $a is still set as 3 but you're intending something else here