variable initialization

[jimfog]

I have heard that we must initialize variables when when we are dealing with user input. Consider the example where a name is passed with the POST method:

$_POST['name'];$name=$_POST['name'];

Is the second line an example of variable initialization?

[Ingolme]

What you actually need to do is check if the variable exists.

if(isset($_POST['name']) {  $name = $_POST['name'];} else {  $name = '';}

[jimfog]

I do not understand.Variable initialization is the procedure to see if a variable exists and nothing else? When a POST form is submitted, by definition POST variables are created-why need checking that?

[Ingolme]

Just in case you get to the file without having used the form, which can happen.

[jimfog]

Just in case you get to the file without having used the form, which can happen.

How can that happen?You mean the user submitting data without using the form?Or the user going to the page directly where form data is processed? Can you clarify if is something from the above that you mean or something completely different?

[Ingolme]

The user may somehow arrive to the page without using your form, but putting the URL in the navigation bar or for some other unexpected reason. Rather than having PHP throw warnings or errors it's best to have your program prepared for unexpected cases. You might even get odd entries in your database if your script isn't prepared for these cases.

[Raspberry]

A generic example of variable initialization from user OPTIONAL input.

if(isValidValue($_POST['label']))     $var = $_POST['label'];else $var = DEFAULT_VALUE;

Test if $_POST['label'] exists with isset() is the least to do.Also, user input correct testing prevent XSS attack and SQL injection.