UPDATE -- working on getting WAMP with phpDeveloper/Xdebug going. I still want NetBeans -- I just want to compare, see if I get some insights.
I am using NetBeans 6.9 with LAMP and Xdebug to work on PHP code. The Variables display works well, but lately it works less well. For example below, $authorized should be visible in the variables pane below the code and should expose its value. But it doesn't show, nor its value, and mousing over the code doesn't help. (The $this object is showing and it does go on and on, but $authorized isn't in there, and it wouldn't make sense if it were.)
This behavior is consistent. Maybe it's a function of the complexity of the code? Or rampant object usage? it seems to have started when I took up CodeIgniter.
Of course the variables are hidden when I need them most ... or so it seems to the poor human. What am I missing?
NetBeans debugger http://themanthursday.com/wiki/Debugger_Display.png
There's a better example below. When I'm stepping through this code, Variables displays only Superglobals and $this, just as in the picture. I can't see any values, even mere strings.
(Nagging thought: I bet the $CI SuperObject has something to do with all this ...)
class Product_documents {
function getProductImage_all($id)
//Return an array of all documents for this product
{
$imgPath = $this->_getProductImage_folder($id);
$arrayPossibleFilenames = $this->_getProductImage_possible_files($id);
foreach ($arrayPossibleFilenames as $imgFile) {
$imgPathFull = $imgPath.$imgFile;
$file_exists = get_file_info($imgPathFull);
if ($file_exists)
{
$arrayFilesPresent[] = $imgPathFull;
}
}
return $arrayFilesPresent;
}
}
Right click on the variable pane. Select "Filters". You will find the secret.
Came across this site that has a very nice link to an Xdebug page that walks one through the process of upgrading Xdebug by compiling a 'more latest' version:
http://icephoenix.us/php/xdebug-doesnt-show-local-variables-in-komodo-netbeans-or-eclipse-pdt/
Variables inside by objects/classes are showing up again! Yeah!
No watches, no 'this may make Xdebug freak out' messages - just good ol' variables that now fully expose the failure of my solution... (haha).
David
I've seen stuff like this before in Netbeans. I expect it's just a bug involving Netbean's interaction with XDebug. One possible workaround that I've seen before is adding a "Watch" for the variable that you can't see. For your example, you could go to the "Watches" tab and type in $authorized. It should show up once it has been set.
I think it comes down to the singleton pattern that is implemented in CodeIgniter as "Super Object". I never have restarted this project to test Kamal's idea. Shortly after he posted, I concluded the singleton was the reason (I did not try to guess whether Kamal has the solution or not). Thus my response to this post.
(2015) In php.ini under [xdebug], set xdebug.show_local_vars=1 if you want all the local variables in debug mode.
Try initializing $authorized to bool false.
I've seen Netbeans not show me variables initialized with a return value from a function without a doctype, but it's hit or miss enough to not be make a pattern out of.
Related
I'm using the following library to give a update feature to my WordPress and this works fine with the code of documentation.
https://github.com/YahnisElsts/plugin-update-checker/blob/master/README.md
require 'plugin-update-checker/plugin-update-checker.php';
$myUpdateChecker = Puc_v4_Factory::buildUpdateChecker(
'https://github.com/user-name/repo-name/',
__FILE__,
'unique-plugin-or-theme-slug'
);
But I'm really wondering where this '$myUpdateChecker' variable came from and how this is working, because I can't find any part of the library's files using this variable.
It seems to be totally independent for me.
Thank you in advance.
You're creating the variable right there. You can even name it something else if you want (eg. $update_checker), that shouldn't cause any issues in this particular case as the variable isn't being used anywhere else (according to your own words.)
For more details: PHP variables.
Full disclosure: I'm not a PHP programmer, rather a Javascript/Node programmer, but I'm trying to help a friend fix a fatal PHP error on their site.
To wit,
Fatal error: Call to undefined function import_request_variables()
I've looked it up and import_request_variables() is deprecated.
The relevant piece of code is this -- I noticed that the developer seems to have tried out the more modern form (?) and abandoned it.
import_request_variables("pgc", "re_");
//extract($_GET, EXTR_PREFIX_ALL, "pgc");
//extract($_POST, EXTR_PREFIX_ALL, "pgc");
//extract($_GET, EXTR_PREFIX_ALL, "re_");
//extract($_POST, EXTR_PREFIX_ALL, "re_");
I found a solution on Stack Overflow here Php import_request_variable stopped working, that suggests using that same extract method
extract($_GET, EXTR_PREFIX_ALL, 'p');
extract($_POST, EXTR_PREFIX_ALL, 'p');
Is this the correct method to follow? I've read in other posts (e.g. here) that this could lead to security errors, as does the PHP documentation here
Warning
Do not use extract() on untrusted data, like user input (e.g. $_GET, $_FILES).
and that it's best to import the variables specifically, but I'm not sure that I'm adept enough at PHP to go through all the code and figure out where each variable is being used...
What's the best way to solve this issue swiftly and securely?
Thanks for any help!
EDIT:
This is the code where the variables are used, for what it's worth
if ($re_sub && $re_sec) { $content="./$re_sec/$re_sub.php";}
else if ($re_sec) { $content="./$re_sec/index.php";}
else { $content="./home.php";}
Wow. import_request_variables went away in PHP5, that was a LONG time ago... hope you are upgrading to 7!
Anyway, it seems that you are basically trying to form POST and the content of the post determine the URL the user is sent to. Since you can't trust user input (or shouldn't anyway) you check what is sent in the $_POST array against a whitelist. Depending on how many sections and sub-sections you have, that whitelist can be hard coded, kept in a separate include file, stored in a database, etc.
Given a structure like
home
sec1
sec1sub1
sec1sub2
sec1sub3
sec2
sec2sub1
sec2sub2
sec2sub3
sec3
sec3sub1
sec3sub2
sec3sub3
You can do something like loop through your whitelist and see if a matching POST variable was sent, if so add it to the URL.
$url="/";
$whitelist=array();
$whitelist['cars']=array("compact","sedan","sportscar");
$whitelist['trucks']=array("diesel","4x4");
$whitelist['suvs']=array("crossovers","domestic","import");
foreach($whitelist as $k=>$v){
if(isset($_POST[$k])){
$url=$url."/".$k;
foreach($v as $subv){
if(isset($_POST[$subv])){
$url=$url."/".$subv;
}
}
}
}
header("location :".$url);
I was wondering if it is possible to see where variable were set in php code?
That would make debugging really easier as i assign different values to same variable based on some condition.
Nope.
However, many good PHP IDEs (at least NuSphere's phpEd, I'm sure Zend must have that too?) offer a possibility to jump to the point at which the variable was first used, and highlight all its occurrences.
If you are wondering about debugging. Do this.
if(condition)
{
echo "1";
$var = "something";
}
elseif(othercondition)
{
echo "2";
$var = "something";
}
...
Etc, this is really quickly done and you can see the number quickly in the output or a log file.
Sure. In Notepad++ you can install the SourceCookifier plugin.
From the website: "A plugin which uses Exuberant Ctags to parse either only the currently activated source file or multiple files of so-called sessions. The results are shown and can be browsed in a treeview inside of a dockable window."
From my own experience: it just works - for variables, functions, properties, methods, classes, interfaces... and some HTML and javascript stuff too.
This is a bit of an oddity for me. PHP is my forte, and I can normally figure out any issue I encounter.
I have a custom framework that I have been using for years. I have taken it upon myself to rewrite it, and I'm doing everything essentially the same that I was before. The problem lies in the following construct:
function ModPages_GetPage() {
$page = ModPages_GetPageByName($_GET['page_name']);
if($page != false) {
include(TPL_DIR.'pages/pages.view.php');
} else {
ErrorMessage('Invalid Page', 'The selected page could not be found.');
}
}
function ModPages_GetPageByName($page_name = null) {
$db = new Database;
$query = '
SELECT *
FROM pages
WHERE page_name = "'.CleanStr($page_name).'"
AND page_enabled = "yes"
LIMIT 1
';
$page = $db->GetRow($query);
return $page;
}
This code is being called with 'home' for the value of $_GET['page_name']. The call to ModPages_GetPageByName() is working fine, but the value of $page in ModPages_GetPage() isn't getting set. Matter of fact, any debugging statements thrown in after that call are failing to display anything.
I have display_errors set to on, and error_reporting set to E_ALL. I get a couple notices from my Database class, but that's it.
Running the script at a shell fails to produce any errors. When using strace, I do see the process spits out an 'exit_group(255)'.
This one has me quite baffled. I could sure use some direction on this.
I would think it's your query, shouldn't you just return the page name instead of star? as star (*) would return an array which is probably being passed back as the value? just my guess.
$query = '
SELECT *
FROM pages
WHERE page_name = "'.CleanStr($page_name).'"
AND page_enabled = "yes"
LIMIT 1
';
if you do a print_r on the $page return I would think it should be an array
$page = $db->GetRow($query);
echo "Page:<pre>".print_r($page,true)."</pre><br />\n";
Then maybe return something like this
return $page['page_name_field'];
ok before we get to a solution can we first make sure that before setting the $page variable, first just echo $_GET['page_name'] to see if there is a value being received.
PK
Does your script stop right after your database call, or just doesn't display any output?
If the first is true, then it looks like a fatal error. With E_ALL, it should be displayed, are you sure both display_errors and error_reporting are as you say at that point, and that the GetRow function doesn't alter them in any way? If so, maybe there's something in the Apache error log (PHP errors are sometimes logged there).
If the latter is true I'm thinking about an exception being thrown in a method that is being called, and caught in a higher level function. To check this you can put the database call (ie: the point where things go wrong) inside a try/catch block and see if you reach the catch block.
I would try following:
replace $_GET with $_REQUEST (maybe your form is using POST?)
do a print_r to check contents of your variables.
use mysql_error to view any errors, or print your mysql query in your browser, copy/paste it in phpmyadmin, is it returning anything? error.. data?
something similar happend to me once, my framework was encoded in ANSI and my calling php file was UTF8+BOM... I changed everything to UTF8+BOM and it worked.
try also different browser, I know it might not be a browser problem, but it might be that your script is cached somewhere.
are you using some caching? like eaccelerator?
Are those functions in a class? If so, you will need $page = $this->ModPages_GetPageByName().
Also I would echo out the argument and the sql statment in ModPages_GetPageByName(). This way you can verify that it isn't a SQL error.
I can't say for sure why your code isn't working, but I can make some suggestions that might help in locating the error.
The first thing I notice is you don't check that $db actually contains a valid database. I don't know the details of your Database object but I'm assuming there's some mechanism in there for checking if it's actually connected to the database. You should use that to determine if the database is connected before running queries on it.
$db = new Database ();
if ($db -> isConnected ())
{
$query = 'SELECT * (etc etc etc)';
// ...
}
else
{
// Put some kind of DB connection error notification or throw an exception here
}
Just on a stylistic note, you don't need to store the results of your DB lookup before returning it, unless you're planning on doing some processing on the result before returning it. You can just return the lookup directly. Of course that's just a stylistic choice, but it saves a line or two :)
return ($db->GetRow($query));
After you run your getpage function, I'd strongly recommend var_dump()ing the result. Even if your function returned NULL, you'll still see this in the var_dump. If in doubt, dump it out :). I'd also recommend installing xdebug to make the var_dump output more readable.
$page = ModPages_GetPageByName($_GET['page_name']);
var_dump ($page);
I would also strongly recommending var_dumping your query before you execute just to make absolutely sure that you're running the query you think you're running. Copy and paste the outputted query into sqlyog or phpmyadmin or whatever you use for interactive access to your database and make sure it returns what you think it should return.
Other things to check, is the page you're trying to return actually set page_enabled='yes'? Does the page_enabled column actually store the value as 'yes', or is it a bool or an integer or something else? Is magic quotes enabled or disabled? If they're in one state when you think they're in the other they can cause confusion. Are errors actually being reported to the browser? Add a line at the top of your script that's guaranteed to fail just to make sure, like an attempted foreach on an integer. If you don't see an error, then maybe error reporting isn't configured properly. I know those are obvious questions but I also know how easy it is to overlook the obvious if you're not getting what you expect out of a query.
Are you sure $page is not set, or is it just that your debug instructions don't print anything? Try logging to a file or a database instead; maybe your code triggered output buffering or something like that.
Also, you are calling ModPages_GetPageByName before declaring it. That is usually okay, but might not be in special circumstances (e.g. when the code is wrapped in an if block). Try swapping the two.
Also, check your environment and disable opcode caching and other possible error sources. APC for example can call the old version of the script long after you changed the PHP file.
While some of you have put extra effort into responding to this, nobody has been able to see the full picture, even given the details I have provided. I have been unable to trace the issue back to its source, but have moved on to a different project.
I have inherited some legacy PHP code what was written back when it was standard practice to use register_globals (As of PHP 4.2.0, this directive defaults to off, released 22. Apr 2002).
We know now that it is bad for security to have it enabled. The problem is how do I find all the places in the code where I need to use $_GET or $_POST? My only thought was to set the error reporting to warn about uninitialized variables and then test each part of the site. Is there an easier way? Will I have to test each code path in the site or will PHP give a warning on a file basis?
If you set error reporting to E_ALL, it warns in the error log about undefined variables complete with filename and line number (assuming you are logging to a file). However, it will warn only if when it comes across an undefined variable, so I think you will have to test each code path. Running php from the command line doesn't seem to help also.
There is a debugging tool named xdebug, haven't tried it, but maybe that can be useful?
I wrote a script using the built-in Tokenizer functions. Its pretty rough but it worked for the code base I was working on. I believe you could also use CodeSniffer.
You could manually 'fake' the register globals effect but add some security. (I partly grabbed this from the osCommerce fork called xoops)
// Detect bad global variables
$bad_global_list = array('GLOBALS', '_SESSION', 'HTTP_SESSION_VARS', '_GET', 'HTTP_GET_VARS', '_POST', 'HTTP_POST_VARS', '_COOKIE', 'HTTP_COOKIE_VARS', '_REQUEST', '_SERVER', 'HTTP_SERVER_VARS', '_ENV', 'HTTP_ENV_VARS', '_FILES', 'HTTP_POST_FILES');
foreach ($bad_global_list as $bad_global ) {
if ( isset( $_REQUEST[$bad_global] ) ) {
die('Bad Global');
}
}
// Make global variables
foreach ($_REQUEST as $name -> $value) {
$$name = $value; // Creates a varable nammed $name equal to $value.
}
Though you'd want to tweak it to make your code more secure, at least by adding your global configuration variables (like the path and base url) to the bad globals list.
You could also use it to easily compile a list of all used get/post variables to help you eventually replace all occurrences of, say $return_url, with $_REQUEST['return_url];
I know that there's a way to set php.ini values for that script with a certain command, I thus went looking and found this too - Goto last post on page
I also found the following post which may be of use - Goto last post on the page
I will add to this more if nobody has found an answer but I must now catch a train.