php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54155 Insufficient+Inconsistent error reporting
Submitted: 2011-03-03 23:23 UTC Modified: 2015-06-08 20:17 UTC
Votes:14
Avg. Score:4.6 ± 0.8
Reproduced:14 of 14 (100.0%)
Same Version:3 (21.4%)
Same OS:9 (64.3%)
From: a1283465 at jnxjn dot com Assigned: cmb (profile)
Status: Duplicate Package: Variables related
PHP Version: 5.3.5 OS: Linux
Private report: No CVE-ID: None
 [2011-03-03 23:23 UTC] a1283465 at jnxjn dot com
Description:
------------
If you try to access an undefined index on an array, you will get an error. But if you try the same on bool(false) PHP will silently accept it and ignores the error.

Please note that this is especially dangerous on database results, where you get false instead of an array when there is no result.

If you try the same on a valid array with an invalid index you will get a E_NOTICE.

So trying to use the array operator on a non-array should at least raise an E_STRICT error, indicating that there is a problem, instead of silently continuing to use the wrong result for further calculations.

Test script:
---------------
$array1 = false;
$array2 = array('a'=>3);

echo 5+3*$array1['a']; // output: 5

var_dump($array1['b']); // output: NULL
var_dump($array2['b']); // output: <b>Notice</b>:  Undefined index: b


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-02-24 20:09 UTC] robertbasic dot com at gmail dot com
I'd argue that one should check that a variable is of an expected type, or maybe cast the type to the expected one, before using it.

I vote for "Not a bug".
 [2012-05-11 07:09 UTC] a1283465 at jnxjn dot com
"I'd argue that one should check that a variable is of an expected type"
I totally agree with that. But isn't error reporting (especially NOTICE etc) exactly for finding such bad code pieces?
 [2013-11-18 18:45 UTC] chris dot baker dot gr at gmail dot com
I think the bug is the lack of consistent error reporting.

Part of this is related to silent type juggling. As you can see in this example, NULL and FALSE will silently become arrays and PHP will not complain about non-existent keys. Undefined variables, interestingly, do not behave the same as explicit NULL.

https://eval.in/69415

If the script becomes unavailable, it is the following code attempted on various types of variables. Integer shown here, the example tries a string and a numeric key for boolean, null, integer, float, string, and object.

$arr = 1;
echo $arr['index']; // null
var_dump($arr); // int(1)
$arr['index'] = 'index "index" value'; // Warning: Cannot use a scalar value as an array
echo $arr["index"]; // null
var_dump($arr); // int(1)
 [2015-06-08 20:17 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2015-06-08 20:17 UTC] cmb@php.net
This is a duplicate of bug #54556; well, actually it's the other
way round, but the other ticket has a patch attached, so I'm
marking this as dupe.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Aug 18 23:01:26 2019 UTC