Undefined variable error in PHP

Notice: Undefined variable: username in C:\xampp\htdocs\test_class.php
        on line 20
Notice: Undefined variable: password in C:\xampp\htdocs\test_class.php
        on line 20

I get the above error when I use this piece of code to verify my username and password with my database.

<?php
    class test_class {

        public function __construct() { 

        }
        public function doLogin() {

            include("connection.php");

            if (isset($_POST['username']))
                {
                $username= $_POST['username'];
                }
                if (isset($_POST['password']))
                {
                $password= $_POST['password'];
                } 

            $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
            $result = mysql_fetch_array(mysql_query($query));
            if(!$result)

            {

            return 'assa';

            }else{

            return 'assa112121212';

            }

                }
        }
?>
+3
6 answers

This means that most likely your form has not been submitted. You must make sure that you only use variables if they exist. In addition, you should never use data from users without checking it. Follow these steps, for example:

if (isset($_POST['username']) && isset($_POST['password']))
{
    $username= $_POST['username'];
    $password= $_POST['password'];
    $query = "SELECT *
                      FROM users
                      WHERE username = '".mysql_real_escape_string($username)."'
                      AND password = '".mysql_real_escape_string($password)."'";
    $result = mysql_fetch_array(mysql_query($query));
    # ...
}
else
{
    return NULL;
}
+11

This is just a notification that the variables are referenced in the request without being in scope.

$username $password doLogin() . .

$username $password. - :

if( isset($_POST['username']) && isset($_POST['password'])){
     //create vars, do query
}else{
     // Nothing to process
}

20, , , . :

  • / ( PHP)
  • ifs . , , :)

: , , , SQL . PDO ( ) mysql_escape_string()

!

+10

:)

<?php
class test_class
{
    private $post = array();
    public function __construct ()
    {
    }
    public function doLogin ()
    {
        $this->post = $_POST;
        include ("connection.php");
        if (!empty($this->post['username']) && !empty($this->post['password'])) {
            $username = $this->post['username'];
            $password = $this->post['password'];
            $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
            $result = mysql_fetch_array(mysql_query($query));
            if (! $result) {
                return 'assa';
            } else {
                return 'assa112121212';
            }
        }
    }
}
?>
+3
<?php
class test_class {

    public function doLogin() {
        include("connection.php");

        if (isset($_POST['username']) && isset($_POST['password'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];

            $query = "SELECT * ".
                     "FROM users " .
                     "WHERE username = '$username' ".
                     "  AND password = '$password'";
            $result = mysql_fetch_array(mysql_query($query));
            if(!$result) {
               return 'assa';
            } else {
               return 'assa112121212';
            }
        } else {
            echo "Missing parameter 'username' and/or 'password'";
        }
    }
}

, escape $username $password, sql injection.

+1

, .

, - ;

public function doLogin() {

    include("connection.php");
    $username = (isset($_POST['username'])) ? $_POST['username'] : NULL ;
    $password = (isset($_POST['password'])) ? $_POST['password'] : NULL ;
        if ( $username !== NULL && $password !== NULL )  {
                    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
                    $result = mysql_fetch_array(mysql_query($query));
            /* auth code here */

        } else {
        return false; // no u/p provided    
    }

    }

, - , mysql_real_escape_string PDO ( PHP)

+1
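
A version of doLogin() that combines the guard from the answers above with the PDO prepared statements they recommend, as an added example that is not code from the thread. The in-memory SQLite DSN, the `password_hash` column and the sample user are assumptions made so the script runs offline; the thread's own table compares a plain `password` column.

```php
<?php
// Added example, not code from the thread. Table layout and sample user are constructed.
// Assumes PHP >= 7.0 with pdo_sqlite; swap the DSN for your MySQL server.

function doLogin(PDO $db, array $post): bool
{
    // Guard first: never read a key that may be absent (the source of the notices).
    $username = $post['username'] ?? null;
    $password = $post['password'] ?? null;
    if (!is_string($username) || !is_string($password)) {
        return false; // form not submitted, or a field arrived as an array
    }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    // Verify against a stored hash instead of matching plaintext in the WHERE clause.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    'valid login'        => ['username' => 'alice', 'password' => 'correct horse'],
    'wrong password'     => ['username' => 'alice', 'password' => 'nope'],
    'form not submitted' => [],
    'quote in username'  => ['username' => "o'brien", 'password' => 'x'],
    'array-typed field'  => ['username' => ['alice'], 'password' => 'x'],
];
foreach ($cases as $label => $post) {
    printf("%-20s => %s\n", $label, var_export(doLogin($db, $post), true));
}
```

Passing `$_POST` as the second argument gives the same behaviour in a real request handler, and the function never raises an undefined variable or undefined index notice.
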

error_reporting (E_ALL ^ E_NOTICE); , . WALL WERROR gcc.

0

Source: https://habr.com/ru/post/1709090/

