php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #38824 settype() should throw a Notice on uninitialized variables
Submitted: 2006-09-14 11:07 UTC Modified: 2006-09-14 12:44 UTC
From: tklingenberg at lastflood dot com Assigned:
Status: Wont fix Package: Feature/Change Request
PHP Version: 5.1.6 OS: win32
Private report: No CVE-ID: None
View Developer Edit
 [2006-09-14 11:07 UTC] tklingenberg at lastflood dot com 
Description:
------------
In case a program uses an uninitialized variable passed to settype(), it should throw a Notice, compareable to echo; intval() and other variable related functions.

Even if PHP does everything right ($var is a variable you can change the type of), for the PHP User, it's highly possible she/he made an error and typed in the wrong variable name. Afterwards the type of the variable is unchecked, which can lead to even more critical errors.

All this is unnoticed because PHP does not throw a NOTICE.

Reproduce code:
---------------
<?php
$r = settype($var, "float");
?>

Expected result:
----------------
It should throw a Notice

Actual result:
--------------
No Notice is giving that $var is not initialized.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-09-14 11:16 UTC] tony2001@php.net 
It's just impossible.
settype() function accepts the first parameter by reference.
See fo example:
<?php

function create_a_var(&$var) {
  $var = 'created';
}
create_a_var($doesnt_exist); // you would not expect a NOTICE here, right?
?>
settype() does the same.
 [2006-09-14 11:36 UTC] tklingenberg at lastflood dot com 
Accepting a parameter by reference does not mean it's impossible to check for an uninitalized variable: 
<?php

function unintialize_a_var(&$var) {
  if (!isset($var)) {
    // Why should I uninitalize something uninitialized?
  } else {
    $var = NULL;
  }
}
uninitialize_a_var($uninitialized); // you would expect a NOTICE here, right?
?>

Anyway your (and mine) example function is useless, and it does not point to the problem itself afterall.

But if the function is about setting the type of a variable and the variable is not initialized I would strongly assume to get a NOTICE about this. Especially in PHP where a variable is created by using the dollarsign followed by the variabelename.

Would you expect to get a NOTICE here?:
echo $var;
var_dump($var);
intval($var);

I get a notice there. With your arguments you would not expect it here, right?
 [2006-09-14 11:45 UTC] tony2001@php.net 
It's impossible to detect what you really want to get - either create a variable or get a notice.
PHP cannot get into your head and read it.
 [2006-09-14 12:44 UTC] tklingenberg at lastflood dot com 
"either create a variable or get a notice."

settype() is not about creating variables. to create a varibale, the dollarsign ($) is used.

so only the "or get a notice" is left:

I don't want this to be a personal thing, so it infact does not depend on what I want to get. Additional, I don't want PHP to look into my head as well.

Maybe its more understandable, when I write down my motivation:

Normally I do use settype() to ensure that an already initialised variable is set to a specific type. That's all. In that case I wanted to get a NOTICE. Maybe this really is completety wrong, but using settype() on an unitialized variables makes no sense, because uninitalized variables ever contain NULL, so setting their type is completely useless. So if PHP ecnounters a NULL value inside settype, it's a strong signal, that something went wrong. So it might be nice of PHP to drop a NOTICE. It's like using intval() or echo on unitialized variables.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Sep 01 21:00:02 2025 UTC