jimfog Posted March 13, 2013

I have heard that we must initialize variables when we are dealing with user input. Consider the example where a name is passed with the POST method:

    $_POST['name'];
    $name=$_POST['name'];

Is the second line an example of variable initialization?

Ingolme Posted March 13, 2013

What you actually need to do is check if the variable exists.

    if (isset($_POST['name'])) {
        $name = $_POST['name'];
    } else {
        $name = '';
    }

jimfog Posted March 14, 2013

I do not understand. Is variable initialization the procedure to see if a variable exists and nothing else? When a POST form is submitted, by definition POST variables are created, so why do we need to check that?

Ingolme Posted March 14, 2013

Just in case you get to the file without having used the form, which can happen.

jimfog Posted March 14, 2013

> Just in case you get to the file without having used the form, which can happen.

How can that happen? You mean the user submitting data without using the form? Or the user going directly to the page where form data is processed? Can you clarify if it is something from the above that you mean or something completely different?

Ingolme Posted March 14, 2013

The user may somehow arrive at the page without using your form, by putting the URL in the navigation bar or for some other unexpected reason. Rather than having PHP throw warnings or errors, it's best to have your program prepared for unexpected cases. You might even get odd entries in your database if your script isn't prepared for these cases.

Raspberry Posted March 17, 2013

A generic example of variable initialization from user OPTIONAL input.

    // isValidValue() and DEFAULT_VALUE stand for the application's own check and default
    if (isset($_POST['label']) && isValidValue($_POST['label']))
        $var = $_POST['label'];
    else
        $var = DEFAULT_VALUE;

Testing whether $_POST['label'] exists with isset() is the least you should do. Also, correct testing of user input prevents XSS attacks and SQL injection.

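An added example (not code from any poster in this thread) that turns the isset-and-default pattern discussed above into a reusable function and extends it to two cases the thread does not cover: a field sent as an array, and a value that fails an allow-list. The helper name post_string, the constant DEFAULT_NAME, the allowed character set and the sample requests are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

const DEFAULT_NAME = '';

/**
 * Return a validated string field from a request array, or $default.
 * Hypothetical helper for this example; not a PHP built-in.
 */
function post_string(array $post, string $key, string $default, int $maxLen = 64): string
{
    // Missing key: the script was requested without the form being submitted.
    if (!isset($post[$key])) {
        return $default;
    }
    // A body such as name[]=x makes PHP build an array, not a string.
    if (!is_string($post[$key])) {
        return $default;
    }
    $value = trim($post[$key]);
    // Allow-list: letters, digits, spaces, apostrophes, hyphens, bounded length.
    // preg_match() returns false on invalid UTF-8, which also falls back to the default.
    if (!preg_match('/\A[\p{L}\p{N} \'-]{1,' . $maxLen . '}\z/u', $value)) {
        return $default;
    }
    return $value;
}

// Constructed sample requests standing in for $_POST.
$samples = [
    'form submitted'   => ['name' => '  Jim O\'Neil '],
    'direct URL visit' => [],
    'array instead'    => ['name' => ['a', 'b']],
    'markup in value'  => ['name' => '<script>alert(1)</script>'],
];

foreach ($samples as $label => $post) {
    $name = post_string($post, 'name', DEFAULT_NAME);
    // Encode at output time as well; input validation is not the XSS defence by itself.
    printf("%-18s => \"%s\"\n", $label, htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
}
```

In a real script the first argument would be $_POST, and a value written to a database would still be passed as a bound parameter of a prepared statement.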