I’m using some premium plugins, and analyzing their code I found, that in some functions they use code like:
$output .= $some_str;
when that $output wasn’t mentioned anywhere before.
How safe is this code? I tried to find any guidance in PHP Manual for this, but for what I see, they only define it for both $output and $some_str being previously set before.
Later this $output variable is used to echo HTML code.
Did you see any specifications regarding that? Maybe there is something I could do outside of those plugins to make this code safer? Some default value defined for all uninitialized variables?
Thank you!
It is bad practice, which is why PHP will issue an E_NOTICE (if you enable error reporting).
That said, PHP variables are always initialized automatically so it won’t have any negative effect.