getButterfly Logo getButterfly code wrangling since 2005

As I continued my quest into updating all my web sites and scripts for the big update, I tried to use an easy method to debug my PHP scripts. So, I modified my php.ini file and changed the following lines:

error_reporting = E_ALL
display_errors = On
display_startup_errors = On
log_errors = On
track_errors = On

I actually don’t know about the display_startup_errors and track_errors features, but the one that helped me a lot was error_reporting.

Good. I set it up in my config.php file as <?php error_reporting(E_ALL);?>. As a result, lots of ‘undefined index‘, ‘undefined variable‘ and ‘undefined constant‘ notices and warnings appeared. The script still worked as intended, but the warnings and notices are still errors because something is happening that you as the programmer obviously did not plan for, and neither did your end user. Why should you fix them if they’re not errors, you ask? Because some hacker with error_reporting forced to E_ALL could see these ‘undefined’ variables, indexes and constants, and define them in an attempt to get hold of your form processing. What may happen then? I’ll let you figure it out.

In my form processing scripts I had lines stating that if the submit button has been hit, then execute the script (like inserting or updating the database). Here is the code:

if($submit) { insert here...
else {
...display form here...

This script would in fact cause some errors, because the $submit variable is not set in the first part of the script, it gets set only after submitting the form, so the check for the value of $submit would produce a non-fatal error. What should we do to prevent this? We should first check for the existence of $submit, and then for its value:

if(isset($submit)) { insert here...
else {
...display form here...

Furthermore, let’s assume the form does a POST action. Replace:




I had more circumstances, which could produce these ‘undefined’ errors, but the form processing ones were the most frequent.

Do not forget to change it back to <?php error_reporting(0);?> after you finished debugging and fixing your script.

Subscribe to getButterfly Blog

Once a week or so we send an email with our best content. We never bug you, we just send you our latest piece of content.

If you found any value in this post, agree, disagree, or have anything to add - please do. I use comments as my #1 signal for what to write about. Read our comment policy before commenting! Comments such as "Thank you!", "Awesome!", "You're the man!" are either marked as spam or stripped from URL.

Leave a reply

Love programming?

Learn about the most amazing things. Get smarter everyday!