PHP and undefined variables strategy

问题

I am a C++ programmer starting with PHP. I find that I lose most of the debugging time (and my selfesteem!) due to undefined variables. From what I know, the only way to deal with them is to watch the output at execution time.

Are other strategies to notice these faults earlier (something like with C++ that a single compile gives you all the clues you need)?

回答1:

This is a common complaint with PHP. Here are some ideas:

1. Use a code analysis tool. Many IDEs such as NetBeans will help also.

2. Just run the code. PHP doesn't have an expensive compilation step like C++ does.

3. Use unit testing. Common side effects include: better code.

4. Set error_reporting(-1), or the equivalent in your ini file.

5. Get xdebug. It's not preventative, but stack traces help with squishing bugs.

6. isset(), === null (identity operator), and guard clauses are your friends.

Loose and dynamic typing are a feature of the language. Just because PHP isn't strict about typing doesn't mean you can't be. If it really bugs you and you have a choice, you could try Python instead—it's a bit stricter with typing.

回答2:

Log your E_NOTICE messages to a text file. You can then process logs with automated scripts to indicate files and lines where these are raised.

回答3:

No. In PHP, you can only know a variable doesn't exist when you try to access it.

Consider:

if ($data = file('my_file.txt')) {
    if (count($data) >= 0)
        $line = reset($data);
}
var_dump($line);

You have to restructure your code so that all the code paths leads to the variable defined, e.g.:

$line = "default value";
if ($data = file('my_file.txt')) {
    if (count($data) >= 0)
        $line = reset($data);
}
var_dump($line);

If there isn't any default value that makes sense, this is still better than isset because you'll warned if you have a typo in the variable name in the final if:

$line = null;
if ($data = file('my_file.txt')) {
    if (count($data) >= 0)
        $line = reset($data);
}
if ($line !== null) { /* ... */ }

Of course, you can use isset¹ to check, at a given point, if a variable exists. However, if your code relies on that, it's probably poorly structured. My point is that, contrary to e.g. C/Java, you cannot, at compile time, determine if an access to a variable is valid. This is made worse by the nonexistence of block scope in PHP.

¹ Strictly speaking, isset won't tell you whether a variable is set, it tell if it's set and is not null. Otherwise, you'll need get_defined_vars.

回答4:

From what I know the only way to deal with them is to watch the output at execution time.

Not really: To prevent these notices from popping up, you just need to make sure you initialize variables before accessing them the first time. We (sadly IMO) don't have variable declaration in PHP, but initializing them in the beginning of your code block is just as well:

$my_var = value;

Using phpDocumentor syntax, you can also kind of declare them to be of a certain a type, at least in a way that many IDEs are able to do code lookup with:

/** @desc optional description of what the variable does
    @var int */
$my_var = 0;

Also, you can (and sometimes need to) use isset() / empty() / array_key_exists() conditions before trying to access a variable.

I agree this sucks big time sometimes, but it's necessary. There should be no notices in finished production code - they eat up performance even if displaying them is turned off, plus they are very useful to find out typos one may have made when using a variable. (But you already know that.)

回答5:

Just watch not to do operations that requires the variable value when using it the first time, like the concatenate operator, .=.

If you are a C++ programmer you must be used to declare all variables. Do something similar to this in PHP by zeroing variables or creating empty array if you want to use them.

Pay attention to user input, and be sure you have registered globals off and check inputs from $_GET and $_POST by isset().

You can also try to code classes against structural code, and have every variable created at the beginning of a class declaration with the correct privacy policy.

You can also separate the application logic from the view, by preparing all variables that have to be outputted first, and when it goes to display it, you will be know which variables you prepared.

回答6:

During development stages use

error_reporting(E_ALL);

which will show every error that has caused, all NOTICE errors, etc.

Keep an eye on your error_log as well. That will show you errors.

Use an error reporting system, example:

http://php.net/manual/en/function.set-error-handler.php

class ErrorReporter
{
    public function catch($errno, $errstr, $errfile, $errline)
    {
        if($errno == E_USER_NOTICE && !defined('DEBUG'))
        {
            // Catch all output buffer and clear states, redirect or include error page.
        }
    }
}

set_error_handler(array(new ErrorReporter,'catch'));

A few other tips is always use isset for variables that you may / may not have set because of a if statement let’s say.

Always use if(isset($_POST['key'])) or even better just use if(!empty($_POST['key'])) as this checks if the key exists and if the value is not empty.

Make sure you know your comparison operators as well. Languages like C# use == to check a Boolean state whereas in PHP to check data-types you have to use === and use == to check value states, and single = to assign a value!

回答7:

Unless I'm missing something, then why is no one suggesting to structure your page properly? I've never really had an ongoing problem with undefined variable errors.

An idea on structuring your page

Define all your variables at the top, assign default values if necessary, and then use those variables from there. That's how I write web pages and I never run into undefined variable problems.

Don't get in the habit of defining variables only when you need them. This quickly creates spaghetti code and can be very difficult to manage.

No one likes spaghetti code

If you show us some of your code we might be able to offer suggestions on how you can better structure it to resolve these sorts of errors. You might be getting confused coming from a C background; the flow may work differently to web pages.

回答8:

Good practice is to define all variable before use, i.e., set a default value:

$variable = default_value;

This will solve most problems. As suggested before, use Xdebug or built-in debugging tools in editors like NetBeans.

回答9:

If you want to hide the error of an undefined variable, then use @. Example: @$var

回答10:

I believe that various of the Code Coverage tools that are available for PHP will highlight this.

回答11:

Personally, I try and set variables, even if it's with an empty string, array, Boolean, etc. Then I use a function such as isset() before using them. For example:

$page_found = false;

if ($page_found==false) {
    // Do page not found stuff here
}

if (isset($_POST['field'])) {
    $value = $_POST['field'];
    $sql = "UPDATE table SET field = '$value'";
}

And so on. And before some smart-ass says it: I know that query's unsafe. It was just an example of using isset().

回答12:

I really didn't find a direct answer already here. The actual solution I found to this problem is to use PHP Code Sniffer along with this awesome extension called PHP Code Sniffer Variable Analysis.

Also the regular PHP linter (php -l) is available inside PHP Code Sniffer, so I'm thinking about customizing my configuration for regular PHP linting, detecting unused/uninitialized variables and validating my own code style, all in one step.

My very minimal PHPCS configuration:

<?xml version="1.0"?>
<ruleset name="MyConfig">
    <description>Minimal PHP Syntax check</description>
    <rule ref="Generic.PHP.Syntax" />
    <rule ref="VariableAnalysis" />
</ruleset>

来源：https://stackoverflow.com/questions/3564744/php-and-undefined-variables-strategy