so if I have this code:
$bla = 1;
if($foo && $bla) do_whatever...
I get a notice telling me that $foo is a undefined variable.
So I have to change my code to this:
$bla = 1;
if(isset($foo) && $foo && $bla) do_whatever...
Is there anyway I can avoid checking if a variable is assigned and just assume the variable is false, but without having to turn off PHP notices?
Depending on the exact behavior you want, you can check if the variable is empty():
Returns FALSE if var has a non-empty
and non-zero value.
The following things are considered to
be empty:
"" (an empty string) 0 (0 as an
integer) "0" (0 as a string) NULL
FALSE array() (an empty array) var
$var; (a variable declared, but
without a value in a class)
It's important to understand all those cases, but it's handy language construct. if $foo is undefined if($foo) will throw a notice, but if(!empty($foo)) will not -- the expression will evaluate to false
This should not be abused, however. As others have stated, those notices are for your protection, so if you can define your variables, you should do so. Where empty() comes in especially handy is things like if (!empty($_GET['foo'])) - testing for the existence of input in superglobals.
The entire point of notices is to tell you that something might be wrong (such as writing $fooo instead of $foo). So, if you're not going to use them, you might as well disable them. You can disable a notice selectively by setting your own error handler, and discarding the error silently when it's of the "undefined variable" kind.
Of course, the clean thing to do would be to define your variables in the first place.
No, there isn't.
No, you should always know exactly what's going on with your variables. In fact, you should never need to use isset() on a variable itself at all.
You could do:
if(#$foo && $bla) do_whatever...
The # will suppress the warning.
But you really shouldn't do it. Not checking ALL your input is just plain WRONG.
Related
it occured to me that some people prefer to use !empty($val) over !$val to check a strings existance. what are the advantages of using !empty() over ! if any?
lets assume string can be:
null
""
"false"
"1"
"0"
all of the above give the same result in both methods. is there any other case that would cause problems using one instead of the other?
empty($var) vs. !$var a.k.a. $var == false
The only difference is that empty does not throw an Undefined variable notice if the variable does not exist, otherwise they're both identical. Now, if you are sure that the variable should exist, use just !. If the variable may legitimately not exist, use empty. If you needlessly use empty, you're just needlessly disabling PHP's error reporting mechanism which may help you catch problems with mistyped variables or logic errors.
Also see The Definitive Guide To PHP's isset And empty.
To my understanding, in oppose to javascript which offers the convenient if (var) {}, even if var doesn't exist, in PHP you have to use if (isset(var)) {}, or if (isset(var) && var) {}.
Today I've stumbled upon a login tutorial that seems to be from a reliable source, in which isset is not used:
if(!$_SESSION['id']):
[From the linked page, demo.php section, line 15]
On my local sever, this line breaks when $_SESSION['id'] is not set, which is, IMHO, an expected behaviour. $_SESSION['id'] is not defined prior to this line.
Is there a mysterious way to avoid the annoying isset() check?
Your application doesn't "break", because it is just a notice and yes: You should always test the existence of array keys, if you are unsure, whether they exists, or not.
$defaults = array('id' => null);
$session = array_merge($defaults, $_SESSION);
Now you can be sure, that $session has a key id.
However, your can suppress warnings and notices with #
if (!#$_SESSION['id']) { /* .. */ }
But usually if you ever touch the # key:
You have a really good reason
You did something wrong :)
In a clean application you need # only in some very rare cases.
A word at the end: Never use values from outside without validation!
if(!$_SESSION['id']) will just check if the session variable is blank. isset checks if it's NULL. Personally empty() is the way to go. It checks:
"" (an empty string)
0 (0 as an integer)
0.0 (0 as a float)
"0" (0 as a string)
NULL
FALSE
array() (an empty array)
$var; (a variable declared, but without a value)
I'm wondering if there is a more elegant way to do this:
$foo = (isset($bar) and array_key_exists('meh', $bar)) ? $bar['meh'] : '';
If I remove the isset part, PHP issues a warning if $bar isn't an array, if I remove the array_key_exists part, PHP issues a warning if the meh key isn't in the array. Is there a more graceful, warning free, way of achieving the same end?
You take exactly the steps required to "secure" code against the warnings you mention.
However, the warnings are there for a reason. Typically it makes more sense to check, if you can prevent situations where the variables you are trying to access are not initialized.
You can reference the key directly. Inside isset it won't even throw an exception if $bar is undefined.
$foo = isset($bar['meh']) ? $bar['meh'] : '';
The difference between array_key_exists and isset is that isset will return FALSE if the key corresponds to a NULL value. In my code above, a NULL value will therefore result in $foo begin the empty string, not NULL. If that is a problem your current approach will be the best.
Yesterday, I posted an answer to a question that included several (unknown to me at the time) very bad code examples. Since then, I've been looking at my fundamental knowledge of PHP that allowed me to think that such code is possible. This brings me to a question that I can't seem to find an answer to:
If I want to check for whether or not a variable has anything set, is it a valid practice to not use isset() or another helper function? here's a "for instance":
if($not_set){
//do something
} else {
//do something else
}
Rather than...
if(isset($not_set)){
//do something
} else {
//do something else
}
From the name of the variable, you can see that this variable is not set. Therefore the conditional would be false and the else portion would run. Up until now I have been using this practice, but after the posts yesterday, I now have an inkling that this is wrong.
Here's why I thought that it would be an ok practice to leave out the isset() function above. From PHP manual:
The if construct is one of the most
important features of many languages,
PHP included. It allows for
conditional execution of code
fragments. PHP features an if
structure that is similar to that of
C:
if (expr) statement
As described in the section about
expressions, expression is evaluated
to its Boolean value. If expression
evaluates to TRUE, PHP will execute
statement, and if it evaluates to
FALSE - it'll ignore it. More
information about what values evaluate
to FALSE can be found in the
'Converting to boolean' section.
And from the 'Converting to boolean section':
When converting to boolean
, the following values are considered
FALSE:
...
* the special type NULL (including unset variables)
Why would the manual go out of its way to state that unset variables are included if this is a bad practice? If it's unset, it gets converted to NULL and therefore is evaluated properly by the conditional. Using isset() will find the same result, but will take extra cycles to do so.
Have I been wrong this whole time, and if so, why? (And just how bad it is, maybe?)
If the variable is not set you get a Notice. If you use isset() you don't get a notice. So from an error reporting point of view, using isset() is better :)
Example:
error_reporting(E_ALL);
if($a) {
echo 'foo';
}
gives
Notice: Undefined variable: a in /Users/kling/test on line 5
whereas
error_reporting(E_ALL);
if(isset($a)) {
echo 'foo';
}
does not output anything.
The bottom line: If code quality is important to you, use isset().
It's okay but not good practice to use if to check for a set variable. Two reasons off the top of my head:
Using isset makes the intent clear - that you're checking whether the variable is set, and not instead checking whether a condition is true.
if ($not_set) will evaluate to false when $not_set is actually set but is equal to boolean false.
You will run in to problems if your variable is set, but evaluates to FALSE, like the following:
the boolean FALSE itself
the integer 0 (zero)
the float 0.0 (zero)
the empty string, and the
string "0"
an array with zero elements
an object with zero member
variables (PHP 4 only)
the special type NULL (including
unset variables)
SimpleXML objects created from empty
tags
Taken from the PHP manual.
Basically, using isset() is showing that you are explicitly checking if a variable exists and is not NULL, while the structure of your if statement only checks if the variable is true. It is more clear and less error-prone.
It is a common practise, but is not good -- you should always use isset!
If your $not_set is set, and is a bool with the value false, your "test" will fail!
isset works as a guard preventing you from using variables that do not actually exist.
if (isset($foo)) and if ($foo) do not mean the same thing. isset just tells you if the variable actually exists and if it's okay to use it, it does not evaluate the value of the variable itself*.
Hence, you should usually use one of these two patterns:
If the variable is sure to exist and you just want to check its value:
if ($foo == 'bar')
If the variable may or may not exist, and you want to check its value:
if (isset($foo) && $foo == 'bar')
If you're just interested that a variable is set and evaluates to true, i.e. if ($foo), you can use empty:
if (isset($foo) && $foo)
// is the same as
if (!empty($foo))
* it does check for null, where null is as good as not being set at all
What is the best way to define that a value does not exist in PHP, or is not sufficent for the applications needs.
$var = NULL, $var = array(), $var = FALSE?
And what is the best way to test?
isset($var), empty($var), if($var != NULL), if($var)?
Initializing variables as what they will be, e.g. NULL if a string, array() if they will be arrays, has some benefits in that they will function in the setting they are ment to without any unexpected results.
e.g. foreach($emptyArray) won't complain it just wont output anything, whereas foreach($false) will complain about the wrong variable type.
But it seams like an unnecessary hassle to have so many different ways of doing basically the same thing. eg. if(empty($var)) or if ($var == NULL)
Duplicate: Best way to test for a variable’s existence in PHP; isset() is clearly broken
Each function you named is for different purposes, and they should be used accordingly:
empty: tells if an existing variable is with a value that could be considered empty (0 for numbers, empty array for arrays, equal to NULL, etc.).
isset($var): tells if the script encountered a line before where the variable was the left side of an assignment (i.e. $var = 3;) or any other obscure methods such as extract, list or eval. This is the way to find if a variable has been set.
$var == NULL: This is tricky, since 0 == NULL. If you really want to tell if a variable is NULL, you should use triple =: $var === NULL.
if($var): same as $var == NULL.
As useful link is http://us2.php.net/manual/en/types.comparisons.php.
The way to tell if the variable is good for a piece of script you're coding will entirely depend on your code, so there's no single way of checking it.
One last piece of advice: if you expect a variable to be an array, don't wait for it to be set somewhere. Instead, initialize it beforehand, then let your code run and maybe it will get overwritten with a new array:
// Initialize the variable, so we always get an array in this variable without worrying about other code.
$var = array();
if(some_weird_condition){
$var = array(1, 2, 3);
}
// Will work every time.
foreach($var as $key => $value){
}
Another thing to remember is that since php is liberal in what it allows to evaluate to NULL or empty, it's necessary to use the identity operators (===, !== see http://php.net/operators.comparison. This is the reason why all of these comparison and equality functions exists, since you often have to differentiate between values with subtle differences.
If you are explicitly checking for NULL, always use $var === NULL
My vote goes for unset(), because non existing variables should generate an notice when used.
Testing gets a bit more complicated, because isset() wil be false if the variable is "not existings" or null. (Language designflaw if you'd ask me)
You could use array_key_exists() for valiables in $GLOBALS, $_POST etc.
For class properties there is property_exists().