Undefined variables: should we care? 2

[progman1010]

So i understand the reason for defining variables from a historical standpoint: parsers needed to see these calls in order to allocate memory for variables before they're used. But now, PHP does this anyway, so do I really need to care? And if I do, why?

_jay

 

[jpadie]

interesting question. here's my take:

you do not need to care from a programmatic perspective. php is a loosely typed language and supports implied variable instantiation.

from a best practice perspective, i tend to follow these rules:

i explicitly declare all class properties
i explicitly declare all variables that are to be _returned_ by a function.
I explicitly declare all variables that are used in a loop for concatenation or array building.
I explicitly declare variables that are used in forms
I use phpdoc type comments to ensure that all variables used as arguments for a function or method are fully documented so that if I (or another) come back to an application at a later date, it's usage is still obvious.

I do not explicitly declare variable _type_, however (apart from arrays).

 

[DonQuichote]

In short: yes you should care. So switch on warnings and notices on your development machine and trap them (but do not display them in a browser) on a live web server.

There are a few things to consider when using PHP, especially with variables:
[ul][li] Variables were used where page parameters were meant. So $Username could be $_POST['Username'] in old scripts. Thank goodness that that is no longer the case by default (you can still configure it to be). This also means that every uninitialized variable can be abused by hackers if you configure your server that way.[/li]
[li] The global keyword and the scope of variables in functions works differently than with other programming languages. Many languages will happily let you use a variable that exists outside the function, but you have to use the global keyword in PHP. If your variables are automatically generated, you would have a hard time to find out why the variable inside your function is "suddenly" reset or why the outside variable does not change when you set it in a function. Even if you know all this, you may use code of someone who does not.[/li]
[li]You might use variables that must be configured to exist, such as the "last error" variable or the old $HTTP_GET_VARS superglobal. Not getting an error here gives unexpected results: your error handling code may just not work or your page will not seem to get any input.[/li]
[/ul]
There was a time that PHP should be easy for anyone and forgive programmer's errors. Thank goodness the PHP developers now know better and PHP no longer tries to outsmart the programmer.

+++ Despite being wrong in every important aspect, that is a very good analogy +++
Hex (in Darwin's Watch)

 

[jpadie]

using implicit declaration does not flag a warning or notice

$var = 'something';

is just fine. you do not need to declare $var as a string before you use it. that's what the OP was asking in reference to memory allocation.

 

[progman1010]

You each shed some good light on this question. DonQuichote- i had not thought about that exploit. I usually have register_globals off, but you never know... I can also see the value in the other circumstances.

This really helps. Thanks!