Detecting insufficient PHP variables: FALSE vs NULL vs unset() vs empty()?

Detecting insufficient PHP variables: FALSE vs NULL vs unset() vs empty()? - php

What is the best way to define that a value does not exist in PHP, or is not sufficent for the applications needs.
$var = NULL, $var = array(), $var = FALSE?
And what is the best way to test?
isset($var), empty($var), if($var != NULL), if($var)?
Initializing variables as what they will be, e.g. NULL if a string, array() if they will be arrays, has some benefits in that they will function in the setting they are ment to without any unexpected results.
e.g. foreach($emptyArray) won't complain it just wont output anything, whereas foreach($false) will complain about the wrong variable type.
But it seams like an unnecessary hassle to have so many different ways of doing basically the same thing. eg. if(empty($var)) or if ($var == NULL)
Duplicate: Best way to test for a variable’s existence in PHP; isset() is clearly broken

Each function you named is for different purposes, and they should be used accordingly:
empty: tells if an existing variable is with a value that could be considered empty (0 for numbers, empty array for arrays, equal to NULL, etc.).
isset($var): tells if the script encountered a line before where the variable was the left side of an assignment (i.e. $var = 3;) or any other obscure methods such as extract, list or eval. This is the way to find if a variable has been set.
$var == NULL: This is tricky, since 0 == NULL. If you really want to tell if a variable is NULL, you should use triple =: $var === NULL.
if($var): same as $var == NULL.
As useful link is http://us2.php.net/manual/en/types.comparisons.php.
The way to tell if the variable is good for a piece of script you're coding will entirely depend on your code, so there's no single way of checking it.
One last piece of advice: if you expect a variable to be an array, don't wait for it to be set somewhere. Instead, initialize it beforehand, then let your code run and maybe it will get overwritten with a new array:
// Initialize the variable, so we always get an array in this variable without worrying about other code.
$var = array();
if(some_weird_condition){
$var = array(1, 2, 3);
}
// Will work every time.
foreach($var as $key => $value){
}

Another thing to remember is that since php is liberal in what it allows to evaluate to NULL or empty, it's necessary to use the identity operators (===, !== see http://php.net/operators.comparison. This is the reason why all of these comparison and equality functions exists, since you often have to differentiate between values with subtle differences.
If you are explicitly checking for NULL, always use $var === NULL

My vote goes for unset(), because non existing variables should generate an notice when used.
Testing gets a bit more complicated, because isset() wil be false if the variable is "not existings" or null. (Language designflaw if you'd ask me)
You could use array_key_exists() for valiables in $GLOBALS, $_POST etc.
For class properties there is property_exists().

Related

Replacing array_key_exists() with isset() in PHP

Knowing the differences of array_key_exists() and isset() in PHP, I see a lot of advocates on the web suggesting for replacing array_key_exists() with isset(), but I am thinking is it safe to do so?
In one project, I have the value of $var submitted by users. The value can be anything, even NULL or not set at all. I want to use !empty($var) to check if $var holds a non-empty value, but I understand that using !empty($var) alone is dangerous since if $var isn't pre-defined, PHP will throw an error.
So I have isset($var) && !empty($var) for checking whether $var holds a non-empty value.
However, things get complicated when I have a value stored in an assoc array. Compare the followings, assuming array $arr always exists but the key foo may or may not exist in $arr.
// code snipplet 1
$arr = array();
echo isset($arr['foo']);
// code snipplet 2
$arr = array();
echo array_key_exists('foo', $arr) && !is_null($arr['foo']);
Code snipplet 2 will always work but it seems clumsy and harder to read. As for code snipplet 1, I had bad experience... I wrote something like that before in the past on a development machine. It ran fine, but when I deployed the code to the production machine, it threw errors simply because key didn't exist in array. After some debugging, I found that the PHP configs were different between the development and the production machines and their PHP versions are slightly different.
So, I am thinking is it really that safe to just replace array_key_exists() with isset()? If not, what can be of better alternatives of code snipplet 2?

In one project, I have the value of $var submitted by users.
How does that work? Users shouldn't be able to set variables. They should be able to, e.g., submit form values which end up in $_POST. I repeat, they should not be able to directly create variables in your scope.
If "users" here means some sort of plugin system where people write and include PHP code… then you may want to think about defining a more stable interface than setting variables.
The value can be anything, even NULL…
Not if it's a value submitted through HTTP. HTTP has no concept of null. It's either an empty string or doesn't exist at all.
using !empty($var) alone is dangerous since if $var isn't pre-defined, PHP will throw an error
That is wrong. empty specifically exists to test a variable against false without throwing an error. empty($var) is the same as !$var without triggering an error if the variable doesn't exist.
So I have isset($var) && !empty($var) for checking whether $var holds a non-empty value.
See Why check both isset() and !empty(). (Spoiler: it's redundant.)
echo isset($arr['foo']);
echo array_key_exists('foo', $arr) && !is_null($arr['foo']);
These both do exactly the same thing. isset returns true if the value exists and its value is not null. The second line returns true if the array key exists and its value is not null. Same thing.
I had bad experience...
You'd need to be more detailed about that, since there should be no caveat to isset as you describe it.
See The Definitive Guide To PHP's isset And empty and Difference between isset and array_key_exists.

Assigning NULL to a variable in PHP: what does that do?

In maintaining code, I'm encountering loops, where at the end of the loop several variables are set to NULL like so: $var = NULL;. From what I understand in the manual, NULL is meant mostly as something to compare against in PHP code. Since NULL has no type and is not a string or number, outputting it makes no sense.
I unfortunately cannot provide an example, but I think the NULL values are being written to a file in our code. My question is: does $var have a value after the assignment, and will echoing/writing it produce output?
EDIT: I have read the PHP manual entry on NULL. There is no need to post this: http://php.net/manual/en/language.types.null.php in a comment or answer, or top downvote me for not having RTM. Thank you!

[ghoti#pc ~]$ php -r '$i="foo"; print "ONE\n"; var_dump($i); unset($i); print "TWO\n"; var_dump($i); $i=NULL; print "THREE\n"; var_dump($i); print "\n"; if (isset($i)) print "Set.\n"; if (is_null($i)) print "is_null\n";'
ONE
string(3) "foo"
TWO
NULL
THREE
NULL
is_null
[ghoti#pc ~]$
The result of isset() will be boolean false, but the variable is still defined. The isset() function would be better named isnotnull(). :-P
Note that is_null() will also return true for a value that has never been set.
Yay PHP.

null is pretty much just like any other value in PHP (actually, it's also a different data type than string, int, etc.).
However, there is one important difference: isset($var) checks for the var to exist and have a non-null value.
If you plan to read the variable ever again before assigning a new value, unset() is the wrong way to do but assigning null is perfectly fine:
php > $a = null;
php > if($a) echo 'x';
php > unset($a);
php > if($a) echo 'x';
Notice: Undefined variable: a in php shell code on line 1
php >
As you can see, unset() actually deletes the variable, just like it never existed, while assigning null sets it to a specific value (and creates the variable if necessary).
A useful use-case of null is in default arguments when you want to know if it was provided or not and empty strings, zero, etc. are valid, too:
function foo($bar = null) {
if($bar === null) { ... }
}

Null in PHP means a variable were no value was assigned.
http://php.net/manual/en/language.types.null.php

A variable could be set to NULL to indicate that it does not contain a value. It makes sense if at some later point in the code the variable is checked for being NULL.
A variable might be explicitly set to NULL to release memory used by it. This makes sense if the variable consumes lots of memory (see this question).
Dry run the code and you might be able to figure out the exact reason.

It appears that the purpose of the null implementation based off of the information provide is to clear the variable.
You can unset a variable in PHP by setting it to NULL or using the function unset().
unset() destroys the specified variables.
The behavior of unset() inside of a function can vary depending on
what type of variable you are attempting to destroy.
If a globalized variable is unset() inside of a function, only the
local variable is destroyed. The variable in the calling environment
will retain the same value as before unset() was called.

Null is a special data type which can have only one value, which is itself. Which is to say null is not only a data type but also a keyword literal a variable of data type null is a variable that has no value assigned to it when a variable is created without a value it is automatically assigned a value of null this is so that whatever garbage was in that memory location before is cleared out otherwise the program may try to process it

PHP - isset($variable) and notices

so if I have this code:
$bla = 1;
if($foo && $bla) do_whatever...
I get a notice telling me that $foo is a undefined variable.
So I have to change my code to this:
$bla = 1;
if(isset($foo) && $foo && $bla) do_whatever...
Is there anyway I can avoid checking if a variable is assigned and just assume the variable is false, but without having to turn off PHP notices?

Depending on the exact behavior you want, you can check if the variable is empty():
Returns FALSE if var has a non-empty
and non-zero value.
The following things are considered to
be empty:
"" (an empty string) 0 (0 as an
integer) "0" (0 as a string) NULL
FALSE array() (an empty array) var
$var; (a variable declared, but
without a value in a class)
It's important to understand all those cases, but it's handy language construct. if $foo is undefined if($foo) will throw a notice, but if(!empty($foo)) will not -- the expression will evaluate to false
This should not be abused, however. As others have stated, those notices are for your protection, so if you can define your variables, you should do so. Where empty() comes in especially handy is things like if (!empty($_GET['foo'])) - testing for the existence of input in superglobals.

The entire point of notices is to tell you that something might be wrong (such as writing $fooo instead of $foo). So, if you're not going to use them, you might as well disable them. You can disable a notice selectively by setting your own error handler, and discarding the error silently when it's of the "undefined variable" kind.
Of course, the clean thing to do would be to define your variables in the first place.

No, there isn't.

No, you should always know exactly what's going on with your variables. In fact, you should never need to use isset() on a variable itself at all.

You could do:
if(#$foo && $bla) do_whatever...
The # will suppress the warning.
But you really shouldn't do it. Not checking ALL your input is just plain WRONG.

Is this an OK test to see if a variable is set

Yesterday, I posted an answer to a question that included several (unknown to me at the time) very bad code examples. Since then, I've been looking at my fundamental knowledge of PHP that allowed me to think that such code is possible. This brings me to a question that I can't seem to find an answer to:
If I want to check for whether or not a variable has anything set, is it a valid practice to not use isset() or another helper function? here's a "for instance":
if($not_set){
//do something
} else {
//do something else
}
Rather than...
if(isset($not_set)){
//do something
} else {
//do something else
}
From the name of the variable, you can see that this variable is not set. Therefore the conditional would be false and the else portion would run. Up until now I have been using this practice, but after the posts yesterday, I now have an inkling that this is wrong.
Here's why I thought that it would be an ok practice to leave out the isset() function above. From PHP manual:
The if construct is one of the most
important features of many languages,
PHP included. It allows for
conditional execution of code
fragments. PHP features an if
structure that is similar to that of
C:
if (expr) statement
As described in the section about
expressions, expression is evaluated
to its Boolean value. If expression
evaluates to TRUE, PHP will execute
statement, and if it evaluates to
FALSE - it'll ignore it. More
information about what values evaluate
to FALSE can be found in the
'Converting to boolean' section.
And from the 'Converting to boolean section':
When converting to boolean
, the following values are considered
FALSE:
...
* the special type NULL (including unset variables)
Why would the manual go out of its way to state that unset variables are included if this is a bad practice? If it's unset, it gets converted to NULL and therefore is evaluated properly by the conditional. Using isset() will find the same result, but will take extra cycles to do so.
Have I been wrong this whole time, and if so, why? (And just how bad it is, maybe?)

If the variable is not set you get a Notice. If you use isset() you don't get a notice. So from an error reporting point of view, using isset() is better :)
Example:
error_reporting(E_ALL);
if($a) {
echo 'foo';
}
gives
Notice: Undefined variable: a in /Users/kling/test on line 5
whereas
error_reporting(E_ALL);
if(isset($a)) {
echo 'foo';
}
does not output anything.
The bottom line: If code quality is important to you, use isset().

It's okay but not good practice to use if to check for a set variable. Two reasons off the top of my head:
Using isset makes the intent clear - that you're checking whether the variable is set, and not instead checking whether a condition is true.
if ($not_set) will evaluate to false when $not_set is actually set but is equal to boolean false.

You will run in to problems if your variable is set, but evaluates to FALSE, like the following:
the boolean FALSE itself
the integer 0 (zero)
the float 0.0 (zero)
the empty string, and the
string "0"
an array with zero elements
an object with zero member
variables (PHP 4 only)
the special type NULL (including
unset variables)
SimpleXML objects created from empty
tags
Taken from the PHP manual.
Basically, using isset() is showing that you are explicitly checking if a variable exists and is not NULL, while the structure of your if statement only checks if the variable is true. It is more clear and less error-prone.

It is a common practise, but is not good -- you should always use isset!
If your $not_set is set, and is a bool with the value false, your "test" will fail!

isset works as a guard preventing you from using variables that do not actually exist.
if (isset($foo)) and if ($foo) do not mean the same thing. isset just tells you if the variable actually exists and if it's okay to use it, it does not evaluate the value of the variable itself*.
Hence, you should usually use one of these two patterns:
If the variable is sure to exist and you just want to check its value:
if ($foo == 'bar')
If the variable may or may not exist, and you want to check its value:
if (isset($foo) && $foo == 'bar')
If you're just interested that a variable is set and evaluates to true, i.e. if ($foo), you can use empty:
if (isset($foo) && $foo)
// is the same as
if (!empty($foo))
* it does check for null, where null is as good as not being set at all

In PHP, what is the differences between NULL and setting a string to equal 2 single quotes

I used to set things like this when I wanted blank values.
$blankVar = '';
Then after some months, I decided this looked better and had a clearer intent.
$blankVar = null;
This worked without hiccup for a while, but recently with a PDO prepared statements I ran into a problem. Binding a value to null made the query fail, whilst binding it to '' did not. I needed to bind it to null, so that if a condition was met, it would insert blank data.
What are the differences between the 2? I still think equaling null (or at least a constant) looks better, so should I do this?
define('EMPTY', '');

Null is just another datatype in PHP, which has only one value (null). Since PHP is a loosly typed language, it can be confusing how it handles different values.
"", 0, "0", False, array(), Null are all considered False in PHP.
Null, however, is a different kind of animal. The main incompatibility with using Null is that you cannot tell if it isset().
$x = false;
isset($x) -> true
echo $x -> ""
$y = null;
isset($y) -> false
echo $y -> ""
//$z is not set
isset($z) -> false
echo $z -> E_NOTICE
So null is odd in the sense that it doesn't follow normal variable rules in PHP (at least some). In most cases, it is fine.
When it comes to database columns, PHP's NULL has no place there. You see, SQL is a string based language. SQL's NULL must be represented by NULL with no quotes.
So if you want an EMPTY field, set it to ""
INSERT INTO foo SET bar = ""
But if you want a NULL field, set it to NULL
INSERT INTO foo SET bar = NULL
BIG DIFFERENCE.
But if you try to insert the PHP NULL directly, it will add zero characters to the query, (which leaves you with a blank or syntax error, depending on if you quoted it).

null is a special placeholder value in the programming language that literally means "nothing". It's not 0, it's not an empty string, it's nothing. There is no value in memory being pointed to. An empty string, on the other hand, is still a string object, just a very short one :)

Well, it's one thing how nice each approach looks, but the main difference is that one is an empty string and the other is an uninitialized variable (null)

Aside from the differences stated by Rex, there's two types of comparisons in PHP, loose and strict:
http://www.php.net/manual/en/types.comparisons.php
If strict comparisons or functions like is_null() are used in any capacity, you'll get different results. With loose comparisons, however, PHP is pretty lenient.
I don't know for sure, but you may be able to use your null approach, then just typecast when you're using the variable in the context where you had issues (i.e. pass (string) $blankVar). If that works, it may mean less changes are necessary to your code.

'null' is the unique thing that uninitialized variables refer to. You can set a variable to refer to null. There is also the 'unset' state meaning the variable doesn't exist at all. You can check that via the isset() function. Most often used to check if an element of array exists and is, for example, a way to see if $_GET['op'] has received a querystring param. You can also make a variable unset (remove an element of an array) via the unset() function. There is also a function empty() which will check if a variable is either NULL, FALSE, 0, or an empty string

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.