0

Possible Duplicate:
PHP: “Notice: Undefined variable” and “Notice: Undefined index”

I am new to PDO, and i am currently trying to convert all of my mysql_query's to PDO-> and I keep getting an error of an undefined variable $db

here is my code for the Database connection page:

$host = "localhost";
$user = "root";
$password = "";
$dbname = "XXXX";
global $db;
$db = new PDO("mysql:host=$host;dbname=$dbname;charset=UTF8", $user, $password);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

Edit: my register function that is having problems

<?php
###########################
#                         #
# Database Authentication #
#                         #
###########################

require('Database.php');
require('Bcrypt.php');
require('Session.php');

function register($username, $password, $email){
    if($username != null && $email != null && $password != null){
        /*
        $check = $database->prepare("SELECT * FROM users WHERE Username = '$username' OR Email = '$email'");
        $sql = $check->execute();
        if(count($check) > 0){
            echo "The username or email address you entered is already in use, please try another combination";
        }

                I currently have this commented out to test the INSERT query below
        */
        if(true){
            $salt = create_salt($username);
            $password = hash_pass($password, $salt);
            $query = $db->prepare("INSERT INTO users (Username, Password, Email) VALUES('$username', '$password', '$email')");
            $query->execute();
            return true;
        }
        else{
            echo "Something went wrong with inserting into table";
            return false;
        }
    }
    else{
        echo "Please fill in all of the information in order to register";
        return false;
    }
}

When running this i get

Notice: Undefined variable: db in ...\Authentication.php on line 33

Community
  • 1
  • 1
  • 1
    Why are you using a prepared statement without preparing the values!?!?!? `$query = $db->prepare("INSERT INTO users (Username, Password, Email) VALUES(?, ?, ?)"); $query->execute(array($username, $password, $email));` – prodigitalson Dec 18 '12 at 23:13
  • 1
    Asking the obvious here, what is line 33 of `Authentication.php`? I assume it's `$query = $db->prepare...` but could be wrong – Phil Dec 18 '12 at 23:15
  • yes, sorry for the vaque notice, but line 33 is what you said –  Dec 18 '12 at 23:18

3 Answers3

3

You need to move the global $db; statement from where it is into the function scope.

See "Example #1 Using global" here.

Nick Rolando
  • 25,879
  • 13
  • 79
  • 119
  • 3
    or you know, not use `global` at all – Phil Dec 18 '12 at 23:15
  • 1
    At least hes trying to convert his code from `ext/mysql`... use of that extension is the bigger sin if i have to pick one or the other to fix :-) – prodigitalson Dec 18 '12 at 23:18
  • Moving it to the function scope worked, but a lot of people are against using global, is there a better way to do it? –  Dec 18 '12 at 23:22
  • 1
    @HurricaneChris Hard to say without seeing the context of your code, but can you pass it as a function argument? – Nick Rolando Dec 18 '12 at 23:24
  • @Shredder I edited the main question to show full function –  Dec 18 '12 at 23:34
  • @HurricaneChris can you pass it as a function argument? – Nick Rolando Dec 18 '12 at 23:36
  • @Shredder any other way to do it besides pass it as an argument? I rather not pass it as an argument because it seems like an incorrect way to do it and anything that required the connection would also have to take in the variable as an argument –  Dec 18 '12 at 23:37
  • @HurricaneChris That shouldn't matter. You should still be able to pass it as you do other variables. – Nick Rolando Dec 18 '12 at 23:43
  • @Shredder Would i lose security if i were to do this and have the login page and registration page requiring the Database page? I am extremely focused around security primarily –  Dec 18 '12 at 23:46
  • @HurricaneChris Why would simply passing `$db` to the function force you to require a Database.php? By the way, if you feel this answered your question, feel free to check 'accepted answer' ;) – Nick Rolando Dec 18 '12 at 23:52
  • @Shredder because im using it in a different page that displays a register form and calls the register function, and i cannot pass the variable from this page without requiring the Database page –  Dec 18 '12 at 23:54
  • @HurricaneChris Sorry, not sure if I follow. But no, it won't hinder security. – Nick Rolando Dec 18 '12 at 23:58
  • @Shredder Last question, should i go with passing it as a variable, or the global keyword way? –  Dec 18 '12 at 23:59
  • @HurricaneChris pass it as a variable :) – Nick Rolando Dec 19 '12 at 00:01
1

A quick fix would be to pass your $db into the function register so it will be available inside this functions scope. Make sure you drop the global keyword from your $db variable first, and you will need to update any other scripts using the function register() and pass in the $db variable:

function register($username, $password, $email, $db){
//now you will have $db available inside this scope

Hope this helps, however as a sidenote this is rather clunky and you should probably focus on setting up your application to use classes instead.

PhearOfRayne
  • 4,990
  • 3
  • 31
  • 44
  • I have it being required and i still get the same notice / error –  Dec 18 '12 at 23:18
  • You should get rid of the global keyword, and just make it $db. I didn't know anyone was even still using the global keyword as they are frowned upon. – PhearOfRayne Dec 18 '12 at 23:22
  • Getting rid of the global keyword makes the variable $db undefined in Authentication.php, have any idea how to be able use the variable without using the global keyword? –  Dec 18 '12 at 23:25
  • Is your Authentication.php a class? If so your going to need to do some changing of your structure. – PhearOfRayne Dec 18 '12 at 23:26
  • Edited the main question –  Dec 18 '12 at 23:30
  • @HurricaneChris I updated my answer to reflect your edit, give it a try and see how it goes. – PhearOfRayne Dec 18 '12 at 23:37
  • It does work like that, but i rather not do that since i have to require the Database.php page to the page that calls the register() function –  Dec 18 '12 at 23:40
  • 1
    `Best Practices` **VS** `Rather Not` its up to you! – PhearOfRayne Dec 18 '12 at 23:43
0

You seem to be declaring $db as global before it has been declared.

qooplmao
  • 17,622
  • 2
  • 44
  • 69