0

I haven't posted on here before so am not sure whether my posting etiquette is up to scratch but I thought I would try my luck on here.

So, I have this PHP function here which I use to create variables without it throwing errors if there is no value set for it

function getIfSet(&$value, $default = "") {
    return isset($value) ? $value : $default;
}

One example where I use this would be:

$errormsg = getIfSet($_SESSION["LoginError"]);

if ($errormsg != "") {
    unset($_SESSION["LoginError"]);
}

However I have some pages where I use this multiple times so I attempted creating a function for this instead. This was not working (I am very new to PHP however), but I noticed that the following code worked

$a = "errormsg";
$b = "LoginError";

$$a = getIfSet($_SESSION[$b]);

if ($$a != "") {
    unset($_SESSION[$b]);
}

So by this logic, I assumed the following function would work too

function get($a, $b) {
    $$a = getIfSet($_SESSION[$b]);

    if ($$a != "") {
        unset($_SESSION[$b]);
    }
}

get("errormsg", "LoginError");

However it does not. It instead says Notice: Undefined variable: errormsg on line 78 but I do not quite understand why it would not work, seeing as it works fine when I use the variables $a and $b just not in a function instead. Thank you in advance and sorry if I don't have very efficient coding, I'm new :D

xTurqz
  • 11
  • 1
  • 1
    Your referenced variable is out of [scope](http://php.net/manual/en/language.variables.scope.php) – vascowhite Dec 16 '15 at 20:38
  • 1
    To expand on what @vascowhite said, the problem is that `$errormsg` is a global variable, so it's not visible inside the function unless you have a `global $errormsg;` declaration in the function. – Barmar Dec 16 '15 at 20:43
  • Add `global $$a;` to the beginning of `get()`. – Barmar Dec 16 '15 at 20:45
  • @Barmar don't know why that escaped me... That does indeed work, but I get slated for using global usually, I don't know any other way to make this work though? – xTurqz Dec 16 '15 at 21:43
  • Well, the whole thing you're trying to do is kind of wonky. Why are you passing around variables names instead of using variable references? – Barmar Dec 16 '15 at 21:46
  • E.g. `function get(&$a, $b)`, and then call it as `get($errormsg, "LoginError")` – Barmar Dec 16 '15 at 21:46
  • Why do you even need to pass the variable to the function? Just do `$errormsg = get("LoginError");` – Barmar Dec 16 '15 at 21:48

1 Answers1

-2

You're using $$a (which is a variable variable).

You should only have a single dollar sign, eg, $a.

As a general rule, you should pretty much never use variable variables, especially not if they come from user input.

Ian
  • 24,116
  • 22
  • 58
  • 96
  • The OP appears to be aware that they are using variable variables, hence my -1 on this occasion. – vascowhite Dec 16 '15 at 20:41
  • His error is directly caused by the use of variable variables, which he should not be using. – Ian Dec 16 '15 at 20:42
  • Whatever variable OP creates in that function will not be available outside the function, whether it is created using variable variables or not. – Don't Panic Dec 16 '15 at 20:45
  • He listed `$$a = getIfSet($_SESSION[$b]);` without being in any specific function, followed by a `unset($_SESSION[$b]);`. This can be a very large security risk, and OP should me made aware of this. He's making very poor use of variable variables and should stop using them until he fully understand what he's doing. – Ian Dec 16 '15 at 20:47
  • @Ian All your points are correct and you give excellent advice, However, you are not answering the question. – vascowhite Dec 16 '15 at 23:24