Undefined Variables Bad?

Just 'for fun' I switched error_reporting to (E_ALL) and get loads of Notice: Undefined variable: rewrite_product in [...] etc.

If I switch it back to 0 all works fine of course.

Just wondering, should I go to great lengths trying to get it 100% clean or does it not matter at all? It's just a 'notice' it doesn't break anything...

Just wondering.

 

If you develop under E_ALL, then you let PHP tell you when you've made a typo. If you're trying to access $tset, when the actual variable is $test, then you'll get a notice. Without E_ALL, you're stuck finding that for yourself.

Oh, and never use 0. Leave it on errors+warnings, at the very least.

 

Why would I want my customers to see a for them non-understandable error which is likely to make them run away more than anything else? Might as well surpress it and check error logs every now and then IMO.

 

Good code tells you what went wrong. No error message will give a false sense of success and the user will continue on making the error.

Imagine and input form for a DB, the user inputs 1000 items and details. Everytime they enter an item, the input screen echos it back and they are happy and do the next.

However, the programmer supressed errors and didn't program any notifications, so at the end of the day the user goes to the boss and says ok, all the itmes are keyed.

The boss runs the report and the DB is empty!

 

Well I know the code works. Full stop.

I obviously understand you should fix serious errors. What I wanted to know was, is a 'notice' an error I should fix? Even though I know the code works 100% perfectly fine?

I mean everything is a matter of setting priorities. If all of you think it deserves immediate attention because of X reason, I'll make it a higher priority. Right now I can't be bothered since I know it works.

 

There are actually two issues here.

1. PHP warnings

Even though your program works, warnings indicate potential errors. Undefined variables is one example. Consider this buggy code:

if($countt == $max)
   $count = 0;

PHP:

PHP will generate you a warning that $count is not defined, which will help you to find the bug, which otherwise you could only find running numerous tests and test-print variables. If you re-write this code as

$count = 0;
if($count == $max)
   $count = 0;

PHP:

, the warning will go away because you defined the variable first.

In fact, all high-level languages, such as C++ or Java will treat undefined variables as an error and there's no way to turn this off.

2. Error reporting

You must turn off all error reporting that users may see. Errors is an excellent source of information for hackers. For example, if you mutate input parameters (e.g. form parameters) and all of a sudden you get a MySQL error, you know that there's a good chance that there's a SQL injection vulnerability somewhere in the code.

J.D.

 

That's my idea of it. Have reporting on to the max in your safe dev environment (I always dev on a server that I block all IPs but mine) and turn it off once you're comfortable and know for sure it works, then move it to the masses.

 

I think leaving your error reporting on is important. You want to know what errors are happening even on your production server. That being said, you probably don't want those errors being shown to the general masses. So I leave the error reporting to E_ALL but set the display errors to 0. That way all errors will be written to the error log and you can go through them there.

//set error reporting level 0 for production 1 for dev
ini_set("display_errors", 0);

//turn on all php error reporting.
error_reporting(E_ALL);


That's my two cents worth.

 

That sounds like a plan. I think as standard all get written on my setup anyway.

 

It's an excellent clarification. Yes, it is important to log errors, but not to display them to the user.

If anybody is interested, the equivalent setting in IIS is in Properties > Home Directory > Configuration > Debugging > Send the following text error message to client.

J.D.

 

I'm from the school of make it perfect.

I know my code works, however, I do everything it expects cause I wrote it. I find it less work to put in all the error reporting and such to throw the error and cause concern right now.

I can be sent the error message in email or IM and know what is wrong with no further effort usually.

I save my time and my customers time by doing things this way IMO. I want to work as little as possible.

There is no minor error IMO. I don't even like warnings.

We can sit here and share our opinions on errors and warnings all day, but without knowing the exact warning you are dealing with, those priorities are arbitrary.

 

The only ones I have are undeclared variables.

What's the quickest way to get e-mail notification of an error on a Apache/FreeBSD setup (shared hosting so it has to be FTP-able).

 

Manually usually.

$contactemail=$technicalemail;
$myreplyemail=$technicalemail;
$myemail=$technicalemail;

$headers = "MIME-Version: 1.0\r\n"; 
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; 
$headers .= "From: ".$myname." <".$myemail.">\r\n"; 
$headers .= "To: ".$contactname." <".$contactemail.">\r\n"; 
$headers .= "Reply-To: ".$myname." <".$myreplyemail.">\r\n"; 
$headers .= "X-Priority: 1\r\n"; 
$headers .= "X-MSMail-Priority: High\r\n"; 
$headers .= "X-Mailer: PHP Mailer\r\n"; 

/* Connect to counter database server*/

if (!$link = mysql_connect($dbservername, $dbusername, $dbpassword) )
{
 	$stopadd=1;
 	$subject="Connect to counter database server failed";
	$message="Counter DB connect failed. " . $extime;
    mail($technicalemail, $subject, $message,$headers);
}

PHP:

There something I wrote like 3 years ago. I just happen to know where it was.

Is that whatcha meant?

 

Thanks.

But that's DB only, I was wondering about PHP's error reporting.

Is that possible to get mail notification for?

 

Yes, after you do something you can use error_reporting() to see the errorlevel and take action. I'd function it out with a switch statement. I'd pass the place in the code and the errorlevel. Parse it and email the error level as well as the place in the code info.

http://us3.php.net/manual/en/function.error-reporting.php

Problem with that is that you won't put this after each operation. It's gonna only work for you where you use it. I don't know how to setup a watchdog that can spawn a thread to email on the fly.

 

Undefined Variables Bad? Bad?

I think so,
It means your code is less than perfect, a matter of pride in your work.
Your code will take longer to run, after all calling a subroutine to handle the error and write a log entry will take time.

Undefined Variables Notices can be fixed by using

if (isset($var))
# or 
if (isset($var) and your_other_if )

PHP:

 

Also, undefinded variables with php auto globals on, is an open door to code manipulation.

 

On the idea of error reporting, I had made up something that I can just include at the beginning of the stack of code, usually in this case a large stack of code. From that file that I include it takes care of everything from showing me in an email message the error text, all the variables and the files that have been used so far and in what order they have been included in. From this I have it use the PHP error reporting control to call the function when an error occurs, as a result all the user sees is "An error as occurred and the webmaster has been notified."