Newsgroups: php.internals
Message-ID: <45A66822.6060402@cschneid.com>
In-Reply-To: <20070111161320.GA15998@mint.phcomp.co.uk>
Date: Thu, 11 Jan 2007 17:38:58 +0100
From: cschneid@cschneid.com (Christian Schneider)
To: Alain Williams
CC: internals@lists.php.net
Subject: Re: [PHP-DEV] Comments on PHP security

Alain Williams wrote:
> One problem that I persistently have is forgetting to declare variable 'global'
> in a function ... you only find out that something is wrong when the program
> misbehaves. Forcing variable declaration would help here.

a) You should never use 'global' under normal circumstances. On the very few
occasions where you really, really need a global variable it should be
painful and done with $GLOBALS IMHO.
Mentioning 'global' and 'teaching PHP' in the same posting makes me shiver ;-)

b) Use E_NOTICE if you want PHP baby-sitting you by complaining about
undefined variables. Using undefined variables is a key feature for me so I
won't use E_NOTICE (in an unpatched form ;-)) but if you insist: The option
is there.

- Chris
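
Both points from this reply in runnable form, as an added example that is not part of the original message: a function that forgets `global`, the diagnostic PHP raises for it, and the `global` and `$GLOBALS` variants side by side. The names `$hits` and `bump_*` are made up for illustration; undefined variables are reported as E_NOTICE before PHP 8.0 and as E_WARNING from 8.0 on, so the handler listens for both.

```php
<?php
// Added example; $hits and the bump_* functions are hypothetical names.
error_reporting(E_ALL);

$hits = 10; // the global the functions below are meant to update

// Collect undefined-variable diagnostics instead of printing them.
// PHP < 8.0 raises them as E_NOTICE, PHP >= 8.0 as E_WARNING.
$diagnostics = [];
set_error_handler(
    function (int $errno, string $errstr, string $file, int $line) use (&$diagnostics): bool {
        if (stripos($errstr, 'Undefined variable') === 0) {
            $diagnostics[] = "line $line: $errstr";
            return true;  // handled here
        }
        return false;     // anything else goes to PHP's normal handler
    },
    E_NOTICE | E_WARNING
);

// The bug from the quoted text: 'global' was forgotten, so $hits is a
// fresh, undefined local and the global is never touched.
function bump_forgot_global(): int
{
    $hits = $hits + 1; // undefined local reads as null: null + 1 === 1
    return $hits;
}

// The 'global' keyword binds the local name to the global variable.
function bump_with_global(): int
{
    global $hits;
    return ++$hits;
}

// Explicit access through the $GLOBALS superglobal, no declaration needed.
function bump_with_globals_array(): int
{
    return ++$GLOBALS['hits'];
}

printf("forgot global : returned %d, global is %d\n", bump_forgot_global(), $hits);
printf("global keyword: returned %d, global is %d\n", bump_with_global(), $hits);
printf("\$GLOBALS      : returned %d, global is %d\n", bump_with_globals_array(), $hits);
restore_error_handler();

echo count($diagnostics), " undefined-variable diagnostic(s):\n";
echo implode("\n", $diagnostics), "\n";
```

Only the first call produces a diagnostic, and it is also the only one that leaves the global unchanged; with notices disabled that call silently returns 1.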