Page 1 of 2

error_reporting(E_ALL) - how picky are you guys?

Posted: Tue Sep 12, 2006 5:31 pm
by fgomez
Per the advice of some of the very helpful people in this forum, I've starting turning error_reporting(E_ALL) on during development. Here's one I get a lot:
Notice: Undefined index: title in /foo/bar/example.php on line 41
I've gotten into the habit of doing stuff like this:

Code: Select all

if($var) {
     //do something
}
I noticed that if I substitute this:

Code: Select all

if(isset($var)) {
     //do something
}
... the notice goes away.

So I was curious to know what kinds of standards some of the hotshots in this forum set for themselves. Do you make every notice go away before going live?

Hotshots?

Posted: Tue Sep 12, 2006 5:35 pm
by Luke
I do

Re: error_reporting(E_ALL) - how picky are you guys?

Posted: Tue Sep 12, 2006 5:35 pm
by feyd
fgomez wrote:So I was curious to know what kinds of standards some of the hotshots in this forum set for themselves. Do you make every notice go away before going live?
Yes. Notices, warnings and errors show my clients that I'm a novice. Certainly I don't want to give such an appearance.

Posted: Tue Sep 12, 2006 5:39 pm
by Luke
well I turn error reporting off in a production environment so that even if I am a novice my clients won't know about it... but just because I have become anal as hell (due to these forums mostly) I make sure there are no notices... good practice.

Posted: Tue Sep 12, 2006 5:40 pm
by klarinetking
I have to agree with everyone here. It's usually not too hard to fix those types of errors (if it is hard to fix them, it's usually indicitive of a larger problem elsewhere), and I can't see any downside to spending the time to fix them.

klarinetking

Posted: Tue Sep 12, 2006 5:42 pm
by feyd
Even if the errors don't show, they still fire. Errors firing slows down execution. If logging is on, they'll show in the error logs too, that's just as bad.

Posted: Tue Sep 12, 2006 5:42 pm
by wtf
I do initialize all my variables at the begenning of the file with their respective type

Code: Select all

$var = false;

if( $var )
That eliminates the need for using isset evey time.

Posted: Tue Sep 12, 2006 5:44 pm
by fgomez
wtf wrote:I do initialize all my variables at the begenning of the file with their respective type

Code: Select all

$var = false;

if( $var )
That eliminates the need for using isset evey time.
How do other people do this? This is really the only notice I get...

Posted: Tue Sep 12, 2006 5:48 pm
by feyd
I do a variety of things: array_key_exists(), isset() and pre-initialization depending on what the logic dictates.

Posted: Tue Sep 12, 2006 5:51 pm
by Luke
I generally initialize all variables like wtf said... but there are occasions where I use isset & friends

Posted: Tue Sep 12, 2006 5:58 pm
by wtf
I think a correct answer to your question would be to focus less on what others do but to focus more on good and secure programming. This is mainly because if we're doing things wrong way you'll end up doing things wrong way. I think its more beneficial for you to know how to avoid common problems and avoid falling into security holes as opposed to patching the same.

Here's some usefull reading.
http://www.phpbuilder.com/columns/ian_g ... hp3?page=2
http://hcs.harvard.edu/~acctserv/help/s ... carlet.txt

Posted: Tue Sep 12, 2006 6:08 pm
by Ambush Commander
You generally only ever need isset when dealing with passed parameters. Everything else should be initialized otherwise you open yourself up to global rewriting.

Posted: Tue Sep 12, 2006 6:28 pm
by RobertGonzalez
It is part of my standard to code to E_ALL as though error_reporting were on and register_globals is off. I always inititalize vars that are not asigned a value from somewhere else, I always use isset(), array_key_exists(), is_array(), etc. I refuse to have a client turn on display_errors and see something that I should have corrected. But that is me.

Posted: Tue Sep 12, 2006 8:57 pm
by Jenk
As has been posted already..

I only use isset() on external input (i.e. superglobals like $_POST, $_SERVER etc.) the rest are all pre-initialised with superceding comparisons against chosen default value.

Posted: Wed Sep 13, 2006 4:16 am
by CoderGoblin
Like others here before a site goes "live" I ensure all errors and notices are gone. In general I have it switched off by default, but I have a generic "debug class" which I can use (restricted to a specific user/IP Address) which switches the notices/errors on. The debug class also does other things such as displays the SQL calls/results, display the session variables as well as some timings, function call count and total timing for each function. When switched on it slows the page down but when switched off impact is minimal.

I am currently just changing the class to allow for the following $_GET['trace']==X where X is a combination of
1 - SQL Failures (SQL error, where found file, class, method, process_time).
2 - SQL Warnings (no results found, insert failed etc found, file, class, method, process_time).
4 - SQL Successful calls (file, class, method, process_time).
8 - $_SESSION (displayed as tree)
16 - $_POST
32 - $_GET
64 - $_COOKIE
128 - Method/Function Call Count/Timings (Sorted by Total Runtime per function)
256 - Method/Function Call Count/Timings (Sorted by Counter, how many times the function was run)
512 - Full Trace including arguments passed and timings (Again displayed as a tree).

So entering trace=139 would show all SQL Failures/Warnings, the SESSION variables and the methods/function calls sorted by the total run times for the method.