php error??

I was getting a php error on a larger script., so I pared it down to the simplest possible case, as follows

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
      $country = $_GET['country'];
?>      

I get this error:

Notice: Undefined index: country in /home/rkassoc/public_html/Lakos/test.php on line 4

I can't do a $_GET['var'] ??

You can try it yourself at rkassoc.org/Lakos/test.php

Thanks
Richard KortsBusiness Owner / Chief DeveloperAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

F IgorDeveloperCommented:
Use a different configuration for errors:
If sometimes the $_GET variable is empty then $_GET['var'] generate a warning (it's not an error, the execution continues) If you are not interested in view warnings or another messages change error_reporting to  error_reporting(E_ALL & ~E_NOTICE);


<?php

// Turn off all error reporting
error_reporting(0);

// Report simple running errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);

// Reporting E_NOTICE can be good too (to report uninitialized
// variables or catch variable name misspellings ...)
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);

// Report all errors except E_NOTICE
error_reporting(E_ALL & ~E_NOTICE);

?>

Open in new window

Dave BaldwinFixer of ProblemsCommented:
You can only 'GET' a var when it is passed to the page like this.
rkassoc.org/Lakos/test.php?country=US

Open in new window

When I write a page that receives data, I write it like this so I don't get that error.
if (!isset($_GET['country']))  $country = ''; else $country = $_GET['country'];

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Richard KortsBusiness Owner / Chief DeveloperAuthor Commented:
I understand that a value has to be passed in the query string.

Iv'e done this a thousand times and it always gives a null if nothing is there.

Are you suggesting my error handling is too strong?
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Dave BaldwinFixer of ProblemsCommented:
it always gives a null if nothing is there.
I've never seen it do that.  "Undefined index:" is what I get which is why I use the code I posted.  Note that even if you turn all the error notices off, it is still going to be an "Undefined index:" problem.  With the code I posted, that doesn't happen.

Note:  I almost always turn on ALL error reporting even in production.  I want to know when there are problems.
Julian HansenCommented:
Are you suggesting my error handling is too strong?
Sounds like it is just right.

Alternative to Dave's suggestion - basically the same thing but just the ternary version
$country = isset($_GET['country']) ? $_GET['country'] : '';

Open in new window

Note: data would / should still have to be sanitized
Ray PaseurCommented:
Are you suggesting my error handling is too strong?
Not suggesting that at all.  You're on the right track, you just have to use the error reports to your advantage.  Your error_reporting() should always be at the highest possible level.  You want to find and correct the errors.  Lowering the error reporting level is like putting black electrical tape over the warning lights on your dashboard.  It masks the symptom but does nothing to correct the error.  If you ignore the low-oil warning light your engine will burn up - you just don't know when.  If you ignore the PHP Notice, Warning and Error messages your script will fail (and it may destroy your database when it fails) - you just don't know when.

You might want to consider using var_dump($_GET) to see what is present in the GET request variables.  GET requests in PHP contain the variables that are shown in the URL.  

In older versions of PHP, you might have encountered Register Globals.  We do not do that any more!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.