Re: notice and warning
- From: Erwin Moller <Since_humans_read_this_I_am_spammed_too_much@xxxxxxxxxxxxxxxx>
- Date: Wed, 16 Jul 2008 18:14:39 +0200
Jeff wrote:
Hi Jeff,
I turned on errors in php:
ini_set('display_errors','1');
Good.
And I got a slew of notices and a couple of warnings.
The notices are mostly missing indexes from doing things like this:
$some_var = $_REQUEST['some_name'];
Don't use $_REQUEST[].
Use $_POST or $_GET or $_COOKIE or whatever you need, but don't use $_REQUEST.
Doing so means you don't know where your data comes from.
(Some people, like me, think it should never have been added to the language.)
And the warnings are when I have something like this:
Missing argument 1 ...
function someFoo($var1){
if($var1){...}
}
Don't call functions with the wrong number of arguments. ;-)
someFoo();
So, I turned display_errors back off, but wonder if I should do anything about this.
Yes you should.
Always have all notices/warnings on during development, and display them.
What is good programming practice?
I think the best practise is:
1) Develop with all warnings/notices on.
2) Fix them
3) Test a lot. Try to hack your own application. Do things like sending bad form data (e.g. missing values, wrong values, etc.)
4) fix it.
When you have a good feeling and open your application to the world:
5) Do NOT display errors/warnings/etc anymore, but LOG them.
(Seeing errors makes it very easy for a hacker to gain more ground.)
6) Check your errorlog a lot.
In some of my 'more serious' applications, I do the following:
- I make my own errorhandler.
- On any error (notice/warning/etc) I log this error, and send an email to myself warning me about it.
- When an error occurs, I simply redirect to a page saying: "Sorry, we encountered an error, which is logged. Sorry for any inconvenience", or something like that.
That way I make sure I never leak information of the internals of the application (by setting display_errors to off), but I get to see the errors my application makes very quickly because of the email to myself.
Read more here:
http://nl2.php.net/manual/en/ref.errorfunc.php
Generally I care more about whether a variable is null or empty, and not whether it has been set, which is what the "notices" seem to be about. If I were to do this:
if(isset($var1)){
// I'd still have to do this:
if($var1){...
I don't know how you program, but I never find myself in that situation.
I initialize all variables I use, and always call functions with the right number of arguments.
That is not 'bloated code', but clean programming.
PHP is a new language for me, and I'd like to write "correctly"...but I don't want to bloat the code either.
Oh, one more thing, I slipped into perl mode and did this: $SOME_ARRAY{some_key} and got no complaints. Is that "kosher"?
You mean {} instead of []?
Never saw it, never used it. Isn't that an error?
Jeff
Good luck!
Regards,
Erwin Moller
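
The handler described in the reply above (log the error, mail it to yourself, redirect the visitor to a generic page), as an added example that is not part of the original post. The mail address, log path and /error.html page are placeholder assumptions.

```php
<?php
// Added example, not from the original post. ADMIN_EMAIL, LOG_FILE and
// /error.html are assumed placeholder values.
const ADMIN_EMAIL = 'admin@example.com';
const LOG_FILE    = '/var/log/myapp/php-errors.log';

error_reporting(E_ALL);            // report everything, notices included
ini_set('display_errors', '0');    // never show details to the visitor
ini_set('log_errors', '1');        // fatal errors bypass the handlers below,
ini_set('error_log', LOG_FILE);    // but are still written here

// Log the details, mail them to the admin, show the visitor a generic page.
function report_and_bail(string $kind, string $msg, string $file, int $line): void
{
    // Strip CR/LF so request-influenced text cannot forge extra log lines.
    $msg   = str_replace(["\r", "\n"], ' ', $msg);
    $entry = sprintf('[%s] %s in %s:%d', $kind, $msg, $file, $line);

    error_log($entry);                    // type 0: goes to LOG_FILE
    error_log($entry, 1, ADMIN_EMAIL);    // type 1: sent by mail

    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        header('Location: /error.html', true, 302);
    }
    exit(1);
}

// Notices and warnings arrive here.
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    if (!(error_reporting() & $no)) {
        return false;   // suppressed with @ or excluded by error_reporting
    }
    report_and_bail("errno $no", $msg, $file, $line);
    return true;
});

// Uncaught exceptions get the same treatment.
set_exception_handler(function (Throwable $e): void {
    report_and_bail(get_class($e), $e->getMessage(), $e->getFile(), $e->getLine());
});
```

One mail per error can flood the mailbox when a broken page is requested repeatedly, so throttle or batch the mail on a busy site.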