Php problem with undefined variables?

1

I’m playing around with a PHP script and am running into an odd problem.

I’m trying to adapt the RSSViewer wrtiiten by Erational

Flash calls the PHP script with an url query

In the PHP script there’s the following:


$category = $_GET['category'];
$id = $_GET['id'];
$action = $_GET['action'];

However, when the PHP script is called like this


rssView.php?action=viewCat

then I get errors saying that there’s an
undefined index: category and
undefined index: id

As I understand it the script tries to assign values to these variables that simply are not there 'cause they haven’t been sent to the script.
How can I prevent this from happening?

Thanks

2

nevermind, figured it out already.

I just used


if (isset($_GET['id'])){
  $id = $_GET['id'];
  // do other stuff
}

so the variable only gets defined when there’s really a GET variable

3

You actually don’t need that on most servers, you could just use $id if global variables are enabled (i think global variables is what it’s called at least)

4

Global variables are bad for your health. Turn them off right now! They can easily lead to security holes in your code. If you - for instance - have code like this


if (input_is_okay()) {
    $valid_input = 1 ;
}
if ($valid_input) {
    show_financial_data();
}
else {
    show_order_form();
}

Then if the script is called like this script.php?valid_input=1 then the code will execute the show_financial_data routine even though input is not OK.

The code is much more secure from this kind of exploit if you have to access variables through the $_GET and $_POST arrays.

5

I think any version of php after 4.2 comes with register globals turned off.

6

But a lot of hosts turn it on as software, for instance osCommerce is a good example, still needs it.

But as was mentioned, just get the idea of using them out of your head. :stuck_out_tongue:

You can leave global variables on as long as you don’t use them. Use $_GET, $_POST, $_SESSION, etc… instead.