Click here to get back home

notice and warning
 HomeNewsGroups | Search | About
Login Password
Register Now!
 comp.lang.php    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
notice and warning Jeff 07-16-2008
Posted by Jeff on July 16, 2008, 11:22 am
Please log in for more thread options
I turned on errors in php:

ini_set('display_errors','1');

And I got a slew of notices and a couple of warnings.

The notices are mostly missing indexes from doing things like this:

$some_var = $_REQUEST['some_name'];

And the warnings are when I have something like this:

Missing argument 1 ...

function someFoo($var1){
if($var1)
}

someFoo();

So, I turned display_errors back off, but wonder if I should do
anything about the this.

What is good programming practice?

Generally I care more about whether a variable is null or empty, and
not whether it has been set, which is what the "notices" seem to be
about. If I were to do this:

if(isset($var1)){

// I'd still have to do this:

if($var1){...

PHP is a new language for me, and I'd like to write "correctly"...but
I don't want to bloat the code either.

Oh, one more thing, I slipped into perl mode and did this:
$SOME_ARRAY and got no complaints, Is that "kosher"?

Jeff


Posted by Jerry Stuckle on July 16, 2008, 11:51 am
Please log in for more thread options
 Jeff wrote:
>
> I turned on errors in php:
>
> ini_set('display_errors','1');
>
> And I got a slew of notices and a couple of warnings.
>
> The notices are mostly missing indexes from doing things like this:
>
> $some_var = $_REQUEST['some_name'];
>
> And the warnings are when I have something like this:
>
> Missing argument 1 ...
>
> function someFoo($var1){
> if($var1)
> }
>
> someFoo();
>
> So, I turned display_errors back off, but wonder if I should do
> anything about the this.
>
> What is good programming practice?
>
> Generally I care more about whether a variable is null or empty, and
> not whether it has been set, which is what the "notices" seem to be
> about. If I were to do this:
>
> if(isset($var1)){
>
> // I'd still have to do this:
>
> if($var1){...
>
> PHP is a new language for me, and I'd like to write "correctly"...but I
> don't want to bloat the code either.
>
> Oh, one more thing, I slipped into perl mode and did this:
> $SOME_ARRAY and got no complaints, Is that "kosher"?
>
> Jeff
>
>

I always run with notices on on my development system, and fix the
problems which are called out.

They aren't necessarily errors - but the are potential bugs.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================


Posted by Erwin Moller on July 16, 2008, 12:14 pm
Please log in for more thread options
Jeff schreef:
>

Hi Jeff,



> I turned on errors in php:
>
> ini_set('display_errors','1');

Good.

>
> And I got a slew of notices and a couple of warnings.
>
> The notices are mostly missing indexes from doing things like this:
>
> $some_var = $_REQUEST['some_name'];
>

Don't use $_REQUEST[].
Use $_POST or $_GET or $_COOKIE or whatever you need, but don't use
$_REQUEST.
Doing so means you don't know where your data comes from.
(Some people, like me, think it should never have been added to the
language.)


> And the warnings are when I have something like this:
>
> Missing argument 1 ...
>
> function someFoo($var1){
> if($var1)
> }

Don't call functions with the wrong number of arguments. ;-)


>
> someFoo();
>
> So, I turned display_errors back off, but wonder if I should do
> anything about the this.

Yes you should.
Always have all notices/warnings on during development, and display them.


>
> What is good programming practice?

I think the best practise is:
1) Develop with all warnings/notices on.
2) Fix them
3) Test a lot. Try to hack your own application. Do things like sending
bad formdata (eg missing values, wrong values, etc.)
4) fix it.

When you have a good feeling and open your application to the world:
5) Do NOT display errors/warnings/etc anymore, but LOG them.
(Seeing errors makes it very easy for a hacker to gain more ground.)
6) Check your errorlog a lot.

In some of mine 'more serious' applications, I do the following:
- I make my own errorhandler.
- On any error (notice/warning/etc) I log this error, and send an email
to myself warning me about it.
- When an error accors, I simply redirect to a page saying: "Sorry, we
encountered an error, which is logged. Sorry for any inconvenience", or
something like that.

That way I make sure I never leak information of the internals of the
application (by setting display_error to off), but I get to see the
errors my application makes very quickly because of the email to myself.

Read more here:
http://nl2.php.net/manual/en/ref.errorfunc.php


>
> Generally I care more about whether a variable is null or empty, and
> not whether it has been set, which is what the "notices" seem to be
> about. If I were to do this:
>
> if(isset($var1)){
>
> // I'd still have to do this:
>
> if($var1){...

I don't know how you program, but I never find myself in that situation.
I initialize all variables I use, and always call functions with the
right number of arguments.
That is not 'bloated code', but clean programming.

>
> PHP is a new language for me, and I'd like to write "correctly"...but I
> don't want to bloat the code either.
>
> Oh, one more thing, I slipped into perl mode and did this:
> $SOME_ARRAY and got no complaints, Is that "kosher"?

You mean {} instead of []?
Never saw it, never used it. Isn't that an error?

>
> Jeff
>

Good luck!

Regards,
Erwin Moller

Posted by Jeff on July 16, 2008, 5:26 pm
Please log in for more thread options
Erwin Moller wrote:
> Jeff schreef:
>>
>
> Hi Jeff,
>
>
>
>> I turned on errors in php:
>>
>> ini_set('display_errors','1');
>
> Good.
>
>>
>> And I got a slew of notices and a couple of warnings.
>>
>> The notices are mostly missing indexes from doing things like this:
>>
>> $some_var = $_REQUEST['some_name'];
>>
>
> Don't use $_REQUEST[].
> Use $_POST or $_GET or $_COOKIE or whatever you need, but don't use
> $_REQUEST.
> Doing so means you don't know where your data comes from.
> (Some people, like me, think it should never have been added to the
> language.)
>
>
>> And the warnings are when I have something like this:
>>
>> Missing argument 1 ...
>>
>> function someFoo($var1){
>> if($var1)
>> }
>
> Don't call functions with the wrong number of arguments. ;-)
>
>
>>
>> someFoo();
>>
>> So, I turned display_errors back off, but wonder if I should do
>> anything about the this.
>
> Yes you should.
> Always have all notices/warnings on during development, and display them.
>
>
>>
>> What is good programming practice?
>
> I think the best practise is:
> 1) Develop with all warnings/notices on.
> 2) Fix them


Thanks Erwin & Jerry, I think then that I should "fix" notices for best
practice?


Now, lets say I have this notice ridden bit...

public function __construct($D){
global $DEFAULTS;
        $this->template = $D['template']; // prefer template stored in data

        if(! $this->template){$this->template = $_GET['template'];} //
otherwise use the one passed in on the query string


        if(! $this->template){$this->template = $DEFAULTS['default_template'];}
// if still no template, use the default

would this be preferred:

        if(isset($DEFAULTS['default_template'])){$this->template =
$DEFAULTS['default_template'];}

        if(isset($_GET['template'])){$this->template = $_GET['template'];}

        if(isset($D['template'])){$this->template = $D['template'];}

That would do the same thing except it wouldn't test for null or empty.

I'm used to Perl and perl does not care if a variable has been set,
I'm also used to doing this shorthand: $some_val ||= $some_default;

It looks to me that the php mindset is different than perl and I
haven't quite wrapped my mind about it.

Jeff




> 3) Test a lot. Try to hack your own application. Do things like sending
> bad formdata (eg missing values, wrong values, etc.)
> 4) fix it.
>
> When you have a good feeling and open your application to the world:
> 5) Do NOT display errors/warnings/etc anymore, but LOG them.
> (Seeing errors makes it very easy for a hacker to gain more ground.)
> 6) Check your errorlog a lot.
>
> In some of mine 'more serious' applications, I do the following:
> - I make my own errorhandler.
> - On any error (notice/warning/etc) I log this error, and send an email
> to myself warning me about it.
> - When an error accors, I simply redirect to a page saying: "Sorry, we
> encountered an error, which is logged. Sorry for any inconvenience", or
> something like that.
>
> That way I make sure I never leak information of the internals of the
> application (by setting display_error to off), but I get to see the
> errors my application makes very quickly because of the email to myself.
>
> Read more here:
> http://nl2.php.net/manual/en/ref.errorfunc.php
>
>
>>
>> Generally I care more about whether a variable is null or empty, and
>> not whether it has been set, which is what the "notices" seem to be
>> about. If I were to do this:
>>
>> if(isset($var1)){
>>
>> // I'd still have to do this:
>>
>> if($var1){...
>
> I don't know how you program, but I never find myself in that situation.
> I initialize all variables I use, and always call functions with the
> right number of arguments.
> That is not 'bloated code', but clean programming.
>
>>
>> PHP is a new language for me, and I'd like to write "correctly"...but
>> I don't want to bloat the code either.
>>
>> Oh, one more thing, I slipped into perl mode and did this:
>> $SOME_ARRAY and got no complaints, Is that "kosher"?
>
> You mean {} instead of []?
> Never saw it, never used it. Isn't that an error?
>
>>
>> Jeff
>>
>
> Good luck!
>
> Regards,
> Erwin Moller

Posted by Michael Fesser on July 17, 2008, 3:33 am
Please log in for more thread options
.oO(Jeff)

>Now, lets say I have this notice ridden bit...
>
>public function __construct($D){
>global $DEFAULTS;
>        $this->template = $D['template']; // prefer template stored in data
>
>        if(! $this->template){$this->template = $_GET['template'];} //
>otherwise use the one passed in on the query string

What do you actually want to test for? An unset template? Empty
template? A template with the string '0'?

You should always exactly write what you want to test for and don't rely
too much on PHP's type juggling. The '!' is a logical operator and
should not be used to check if a string or an array is empty. In this
case empty() is the better choice.

if (empty($D['template'])) {
if (empty($_GET['template'])) {
$this->template = $DEFAULTS['default_template'];
} else {
$this->template = $_GET['template'];
}
} else {
$this->template = $D['template'];
}

Or the same with ternary operators:

$this->template = empty($D['template'])
? empty($_GET['template'])
? $DEFAULTS['default_template']
: empty($_GET['template'])
: $D['template'];

Of course you would also have to validate/sanitize the GET value before
you use it. Never trust any user-submitted data.

Micha

Similar ThreadsPosted
PHP Notice vs. Warning August 5, 2008, 4:25 pm
implode notice February 13, 2005, 10:16 am
Re: Notice: Undefined index January 24, 2007, 8:30 am
Notice: Undefined variable August 12, 2007, 8:06 am
PHP Notice: Undefined property: April 4, 2008, 8:00 pm
Undefined offset notice with explode May 31, 2005, 2:55 am
apache error log fills up with php notice: September 16, 2005, 3:19 pm
Newbie - Notice: Undefined variable October 8, 2005, 11:25 am
Notice: Undefined index: Error April 25, 2007, 1:42 am
How to avoid 'Notice: Trying to get property of non-object' March 18, 2008, 3:26 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap