Uninitialized variables in PHP
<?php
if($user==’testuser’) {
$ok = true;
}
if($ok) {
echo “$user logged in”;
}
?>
We can catch these by setting the error_reporting level to E_ALL. The above script would generate this
warning (assuming $user is set):
<b>Warning</b>: Undefined variable: ok in <b>script.php</b> on line <b>6</b>
We can of course also turn off register_globals, but that addresses the symptom rather than the problem.
