Strict mode in PHP

Asked 7/7, 2010 at 8:27 Answered 7/5, 2022 at 7:28

Other languages with automatic variable declaration - like Perl - have a strict mode.

By activating this strict mode, variable declaration is required, and Perl throws an error as soon as you try to use an undeclared variable.

Does PHP offer a similar feature?

Thermostatics answered 7/7, 2010 at 8:27 Comment(4)

Since version 7 PHP does support strict mode, just put declare(strict_types=1); at the top of each (and every) script file, before the namespace declaration. – Counter 23/5, 2017 at 9:5

@Counter That's a different kind of strict mode then the one asked about in the question. – Blush 3/7, 2017 at 16:59

True. Revert to error_reporting(E_STRICT);. – Counter 4/7, 2017 at 9:3

Topically relevant: Enabling 'strict_types' globally in PHP 7 – Poulin 31/1 at 21:3

Kind of. You can activate the E_NOTICE level in your error reporting. (List of constants here.)

Every instance of usage of an undeclared variable will throw an E_NOTICE.

The E_STRICT error level will also throw those notices, as well as other hints on how to optimize your code.

error_reporting(E_STRICT);

Terminating the script

If you are really serious, and want your script to terminate instead of just outputting a notice when encountering an undeclared variable, you could build a custom error handler.

A working example that handles only E_NOTICEs with "Undefined variable" in them and passes everything else on to the default PHP error handler:

<?php

error_reporting(E_STRICT);

function terminate_missing_variables($errno, $errstr, $errfile, $errline)
{                               
  if (($errno == E_NOTICE) and (strstr($errstr, "Undefined variable")))
   die ("$errstr in $errfile line $errline");

  return false; // Let the PHP error handler handle all the rest  
}

$old_error_handler = set_error_handler("terminate_missing_variables"); 

echo $test; // Will throw custom error

xxxx();  // Will throw standard PHP error

 ?>

Papyrus answered 7/7, 2010 at 8:29 Comment(10)

yes it is kind of but not as a whole like other strict-type languages. – Armageddon 7/7, 2010 at 8:30

@sAc yup, there are other things that are output as notices too, so they will come up as well when you turn this on. (And obviously, it's not as strict as in a strongly typed language.) – Papyrus 7/7, 2010 at 8:31

Thanks your code works excellent! I changed die into throw to redirect the output to the Zend Error Trace view. – Thermostatics 7/7, 2010 at 13:30

This works well, but I don't get a stack trace in these cases. Any suggestions on how to modify this to get stack traces? – Sobel 20/9, 2011 at 14:0

Does error_reporting(E_STRICT) only affect code within the file, or does it globally set a setting for all code? – Blush 3/7, 2017 at 17:1

@Blush only within the current file (or rather, script being run, which could be scattered across multiple files that get include()d.) – Papyrus 3/7, 2017 at 21:46

This only outputs messages with E_STRICT priority (see PHP's source code). As @full mentions and you only tagges #php, PHP has since 7.0 or 7.1 (not sure!) a real strict mode. Please see his answer for details. – Dynamometer 26/7, 2018 at 10:43

But only at runtime, not parse time (if there is such a thing)? Perhaps be explicit about that? Perl can be made to complain at compile time. – Couturier 22/4, 2020 at 18:43

"In PHP, you can only know a variable doesn't exist when you try to access it." – Couturier 22/4, 2020 at 20:3

@Dynamometer has a good point here. If you enable this (on PHP 7.4), you will not get any E_NOTICE messages any more, for example. – Anorthite 18/9, 2020 at 8:18

Use

error_reporting(-1);

to show every possible error, including E_STRICT and even when new levels and constants are added in future PHP versions.

(Reference)

Arrow answered 7/7, 2010 at 8:36 Comment(6)

Is error_reporting(-1) the same as error_reporting(E_STRICT) ? – Vaso 6/6, 2013 at 14:16

@Vaso no, -1 enables all current and future error reporting. See the Tip at the bottom of the PHP Manual page. – Arrow 8/6, 2013 at 15:53

The constants E_STRICT and so on are bitmasks. By combing them with an OR you set the bits. -1 will set every bit. Example: A = 1; b(00000001) B = 2; b(00000010) A OR B = 3 (00000011); -1 = b(11111111) – Spraggins 4/5, 2016 at 7:50

Is it by two's complement of -1 (how many bits) or because it is negative? – Couturier 22/4, 2020 at 19:22

Why not use E_ALL? It seems to be decimal 32767 (0x7FFF, 15 ones - binary 111111111111111). – Couturier 23/4, 2020 at 9:26

@PeterMortensen see php.net/manual/en/function.error-reporting.php. E_ALL only includes E_STRICT as of PHP 5.4. So "all" didn't mean "all" back when the question was asked in 2010. – Arrow 23/4, 2020 at 15:30

After some years, PHP 7.0.0 has gained declare(strict_types=1).

Calabar answered 22/2, 2018 at 20:57 Comment(3)

While it's named "strict mode", it's not what the strict mode in e.g. Perl is. This does strict type checking, that is, if your function expects a string and is given an int, not silent conversion will happen, but an error will be thrown. The strict mode OP asked about is basically that you need to say $var = 1 before you can use $var, so you don't WILL catch typos in var names immediately, not just when some if condition makes the code with the typo run. – Toreutic 9/8, 2018 at 21:45

The new link is php.net/manual/en/… – Dynamometer 15/12, 2020 at 20:15

it can be done in php.ini for all my projects? – Silky 19/9, 2021 at 15:34

Yes, type error_reporting(E_STRICT|E_ALL); in the beginning of your script.

Exserviceman answered 7/7, 2010 at 8:28 Comment(3)

Only prior PHP 5.4.0, you need E_STRICT explicitly. See php.net/manual/en/function.error-reporting.php where E_STRICT became part of E_ALL since 5.4.0. – Dynamometer 27/10, 2017 at 13:1

But only at runtime, not parse time (if there is such a thing)? – Couturier 22/4, 2020 at 18:43

@PeterMortensen yeah, like most things in PHP, runtime it is. error_reporting() can be adjusted multiple times, so it only affects what's being executed when the error_reporting level is set high enough. PHP includes everything in runtime, common template logic (a.k.a. all PHP code) depends on referring to unset variables, which are then set through another script that requires the "template", thus setting the variables (some simplified/ad hoc terms here but you get the idea). – Exserviceman 22/4, 2020 at 22:27

You may check error_reporting, and don't forget to set display_errors as well. Note, that there are multiple levels of error reporting.

Ornithorhynchus answered 7/7, 2010 at 8:30 Comment(0)

PHP is warning about undeclared variables by default; you just need to turn the error reporting level up so you'll see the notices. Note though that since there's no special syntax to declare a variable in PHP and you simply declare one by assigning to it, it can only warn you when you try to use the value of an undeclared variable. Contrary to other languages, "assignments to undeclared variables" do not exist, so PHP can't warn you there.

Photoengraving answered 7/7, 2010 at 8:29 Comment(0)

Use

error_reporting(E_ALL);

at the beginning of your PHP code.

Or set the error_reporting setting in your php.ini file, to set it for all PHP files.

Robertroberta answered 7/7, 2010 at 8:30 Comment(0)

You can implement your own error handling function with set_error_handler().

Then you can react to certain error levels as you wish.

For example, instead of just showing and logging an error message, you could terminate the script if a variable is not declared properly or if any condition is met that you don't like.

That way you can enforce a very strict policy for any code that runs on your PHP interpreter instance.

Tithable answered 7/7, 2010 at 8:37 Comment(0)

Yes, you can from PHP 7.X onwards,

declare(strict_types=1);

This will enforce all the scalar type declarations to be strict with types.

But if you enable this globally, it can affect other third-party modules (for example, PHP Composer libraries) which are relying in weak mode, so make sure to enforce it in relevant classes/files.

Pleader answered 11/9, 2019 at 5:33 Comment(1)

Strict with types when? At parse/compile time? Or only at runtime? – Couturier 22/4, 2020 at 19:29

Yes, you do that with error reporting.

http://www.php.net/manual/en/function.error-reporting.php

Ava answered 7/7, 2010 at 8:28 Comment(1)

Only half-answered. Please see other answers. – Dynamometer 27/10, 2017 at 13:2

I would suggest that the requirements for reporting and handling errors differ within your development environment and your live production environment (WWW, company intranet, etc.). During development you will want to see as much detail as possible to find and fix problems.

In the live environment, I don't think that you want to show PHP error messages to the users, but rather allow the script to continue with reduced functionality (for example, a message like "Sorry we cannot update your profile at the moment", or redirect the user to the home page, etc.). A way to achieve this would be through the use of custom error handlers for each environment.

Androgen answered 7/7, 2010 at 10:26 Comment(2)

I implemented Pekkas code into my testing / development stages. – Thermostatics 7/7, 2010 at 13:27

Yes, there is also the risk of exposing the first 16 characters of the database password. – Couturier 22/4, 2020 at 19:28

Use:

error_reporting(E_STRICT);

I think you need to try this above.

Packhorse answered 3/4, 2020 at 17:33 Comment(2)

How is this different from previous answers? – Couturier 22/4, 2020 at 19:30

sorry buddy i was in hurry and did not saw your answer – Packhorse 18/12, 2020 at 11:5

An improvement to @pekka's answer that also detects undefined array keys and offsets and undefined constants:

error_reporting(E_STRICT);

function terminate_undefineds($errno, $errstr, $errfile, $errline)
{ // $errno: E_NOTICE, etc.

    $errstr = strtolower($errstr);
    
    if (
            (strstr($errstr, "undefined variable")) ||
            (strstr($errstr, "undefined index"))    || // Such as $GLOBALS['some_unknown_var']
            (strstr($errstr, 'undefined constant')) || // Such as echo UNKNOWN_CONST
            (strstr($errstr, "undefined offset"))
            )
        die("$errstr in $errfile line $errline");
    else
        return false; // Let the PHP error handler handle all the rest
}

set_error_handler("terminate_undefineds");

As above code also restricts access to unknown $_GET and $_POST keys, you can define a similar method with related row commented and use set_error_handler before checking $_GET and $_POST keys. Also instead, you can use below methods to receive $_GET, $_POST and etc keys:

// Could be used in strict mode
function get_($what, $key) {
    switch (strtolower($what)) {
        case 'get':
            return isset($_GET[$key]) ? $_GET[$key] : null;
        case 'post':
            return isset($_POST[$key]) ? $_POST[$key] : null;
        case 'session':
            return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
        case 'server':
            return isset($_SERVER[$key]) ? $_SERVER[$key] : null;
    }
}

Quadrilateral answered 7/5, 2022 at 7:28 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags