197

PHP is writing this error in the logs: "Notice: Use of undefined constant".

Error in logs:

PHP Notice:  Use of undefined constant department - assumed 'department' (line 5)
PHP Notice:  Use of undefined constant name - assumed 'name' (line 6)
PHP Notice:  Use of undefined constant email - assumed 'email' (line 7)
PHP Notice:  Use of undefined constant message - assumed 'message' (line 8)

Relevant lines of code:

$department = mysql_real_escape_string($_POST[department]);
$name = mysql_real_escape_string($_POST[name]);
$email = mysql_real_escape_string($_POST[email]);
$message = mysql_real_escape_string($_POST[message]);

What does it mean and why am I seeing it?

Machavity
  • 30,841
  • 27
  • 92
  • 100
Nik
  • 2,424
  • 3
  • 18
  • 16

2 Answers2

256

department is meant to be a string (to be used here as array key). Strings in PHP must be enclosed in quotes. In the days of the long past PHP was lax about using quotes for single-word strings but these days are long gone.

Therefore, it must be 'department' or "department".

The same goes for the other errors as well.

As is, it was looking for constants called department, name, email, message, etc. When it doesn't find such a constant, PHP (bizarrely) interprets it as a string ('department', etc) but warns you about that. Obviously, this can easily break if you do defined such a constant later (though it's bad style to have lower-case constants).

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
Matthew Flaschen
  • 278,309
  • 50
  • 514
  • 539
  • Is it referring to the $_POST variable? – Nik May 31 '10 at 03:10
  • 1
    It's not referring specifically to the $_POST. The same thing would happen for other associative arrays too. – Hammerite May 31 '10 at 03:47
  • 3
    @Col. Shrapnel, when did I say *only* array keys needed be quoted? He does need to quote the keys, but not only them. – Matthew Flaschen Nov 06 '11 at 09:06
  • 2
    well I mean that no need to quote *array keys*. one have to quote strings, not array keys. a key don't require no special quoting. – Your Common Sense Nov 06 '11 at 11:40
  • 5
    It's not "bizarre"... It's "backward compatible". PHP originally allowed and even promoted using unquoted strings as keys. (Okay, maybe it is still "bizarre". :-) – Brian White Oct 12 '12 at 19:52
  • 4
    @BrianWhite Fun fact, when [proposing to deprecate this functionality](https://wiki.php.net/rfc/deprecate-bareword-strings), I could find no evidence that it was ever officially encouraged, and only beta releases of PHP 3.0 included the behaviour without the notice, so it appears to be backwards compatible to a feature that was never released. Anyway, it will be gone in PHP 8.0, whenever that comes along. – IMSoP Jan 30 '18 at 09:46
  • In the early days of PHP (2005ish) there were a lot of tutorials using unquoted array keys like this, so there's a surprising amount of old code out there written this way. The feature also allows things like `"Static string... $array[key] ..."` which, in the double-quotes, means the value of `$array['key']` is returned. You cannot fix the code by just putting `key` in single quotes, instead you need `"...".$array['key']."..."` These constructions can thus be cumbersome to rewrite (get it wrong and you get a syntax error) using the new syntax. Maybe that's one reason it's been kept in so long. – cazort Sep 02 '21 at 03:03
94

The error message is due to the unfortunate fact that PHP will implicitly declare an unknown token as a constant string of the same name.

That is, it's trying to interpret this (note the missing quote marks): 

$_POST[department]

The only valid way this would be valid syntax in PHP is if there was previously a constant department defined. So sadly, rather than dying with a Fatal error at this point, it issues this Notice and acts as though a constant had been defined with the same name and value:

// Implicit declaration of constant called department with value 'department'
define('department', 'department');

There are various ways you can get this error message, but they all have the same root cause - a token that could be a constant.

Strings missing quotes: $my_array[bad_key]

This is what the problem is in your case, and it's because you've got string array keys that haven't been quoted. Fixing the string keys will fix the bug:

Change:

$department = mysql_real_escape_string($_POST[department]);
...(etc)...

To:

$department = mysql_real_escape_string($_POST['department']);
...(etc)...

Variable missing dollar sign: var_without_dollar

Another reason you might see this error message is if you leave off the $ from a variable, or $this-> from a member. Eg, either of the following would cause a similar error message:

my_local;   // should be $my_local
my_member;  // should be $this->my_member

Invalid character in variable name: $bad-variable-name

A similar but more subtle issue can result if you try to use a disallowed character in a variable name - a hyphen (-) instead of an underscore _ would be a common case.

For example, this is OK, since underscores are allowed in variable names:

if (123 === $my_var) {
  do_something();
}

But this isn't:

if (123 === $my-var) {
  do_something();
}

It'll be interpreted the same as this:

if (123 === $my - var) {  // variable $my minus constant 'var'
  do_something();
}

Referring to a class constant without specifying the class scope

In order to refer to a class constant you need to specify the class scope with ::, if you miss this off PHP will think you're talking about a global define().

Eg:

class MyClass {
  const MY_CONST = 123;

  public function my_method() {
    return self::MY_CONST;  // This is fine
  }


  public function my_method() {
    return MyClass::MY_CONST;  // This is fine
  }

  public function my_bad_method() {
    return MY_CONST;  // BUG - need to specify class scope
  }
}

Using a constant that's not defined in this version of PHP, or is defined in an extension that's not installed

There are some system-defined constants that only exist in newer versions of PHP, for example the mode option constants for round() such as PHP_ROUND_HALF_DOWN only exist in PHP 5.3 or later.

So if you tried to use this feature in PHP 5.2, say:

$rounded = round($my_var, 0, PHP_ROUND_HALF_DOWN);

You'd get this error message:

Use of undefined constant PHP_ROUND_HALF_DOWN - assumed 'PHP_ROUND_HALF_DOWN' Warning (2): Wrong parameter count for round()

John Carter
  • 53,924
  • 26
  • 111
  • 144
  • 3
    Without any doubt, this answer is more comprehensive than others and deserves the best answer badge! I was too missed the Class Scope and End Up getting Some Valuable Information For The Future. Thanks, John! – Harish ST Jun 23 '19 at 12:52