how to keep the value in a variable from select query in PHP

Question

what i want to do is to check the password in the Employee table where user name is fill in the form ..but i cant do how to do the error shows that:

Notice: Use of undefined constant password - assumed 'password' in E:\Xamp\htdocs\login.php on line 17

wrong password or user name ...

here is the employee table

create table Employee(
E_ID number(10) primary key,
E_First_Name varchar2(10),
E_Last_Name varchar2(10),
user_name  varchar2(10) unique,
password varchar2(10),
E_Gender varchar2(6),
E_address varchar2(50),
E_phone_No number(11),
E_category varchar2(10),
EMP_salary number(20),
work_hour varchar2(20),
Date_Of_Join date
);

<?php
                   $conn=oci_connect("system","123","localhost/orcl");
    ob_start();
    $current_file=$_SERVER['SCRIPT_NAME'];
    $massage= "";
                   settype($bar, "string");
    if(isset($_POST['user_name'])&&isset($_POST['password']))           
    {

        $user_name= $_POST['user_name'];
        $password = $_POST['password'];
        if(!empty($user_name)&&!empty($password))
        {
                                                                             $sql = "select password into $bar  from Employee where user_name='".$user_name."' ";
                $stid = oci_parse($conn,$sql);
                $r = @oci_execute($stid);
                if(password==$bar )
                {
                    echo 'login verified...<br>';
                }
                else
                {
                    echo 'wrong password or user name ...<br>';
                }

        }
        else
        {
            $massage = "please fill up your username and password correctly<br>";
        }
    }

?>
<html>
<head>
<title>Login</title>
<style>
body
{
background:orange;
}
</style>
<head>
<body>
fill username and password to log in<br><br>
<?php echo $massage;?>
<hr color="green">
<form action="<?php echo $current_file;?>" method="POST">

    user_name:<br> <input type="text" name ="user_name" ><br><br>
    password:<br> <input type="text" name="password" ><br><br>
    <input type ="submit" value="Log In"><br><br>
                   <a href="OrderTable.php">please check  your Order_ID</a><br><br>



</form>
</body>
</html>

Your code is vulnerable to SQL injections. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). — Gumbo, Mar 22 '14 at 18:07

score 2 · Answer 1 · edited May 23 '17 at 10:26

You forgot to add $ before password

 if(password==$bar )   //<--------- In this line
                {
                    echo 'login verified...<br>';
                }
                else
                {

should be

if($password==$bar )

Sidenotes :

Get a good IDE for your PHP Development. (Google for PHP IDEs) so you can avoid such errors whilst you code.
Try to enable error reporting on your PHP code.

EDIT :

<?php
$conn=oci_connect("system","123","localhost/orcl");
ob_start();
$current_file=$_SERVER['SCRIPT_NAME'];
$bar="";
if(isset($_POST['user_name'])&&isset($_POST['password']))
{

    $user_name= $_POST['user_name'];
    $password = $_POST['password'];
    if(!empty($user_name)&&!empty($password))
    {
        $sql = "select password from Employee where user_name='".$user_name."' ";

        $stid = oci_parse($conn,$sql);
        $r = oci_execute($stid);
        while (($row = oci_fetch_array($stid, OCI_BOTH)) != false) {
            $bar=$row['password'];
        }
        if($password==$bar)
        {
            echo 'login verified...<br>';
        }
        else
        {
            echo 'wrong password or user name ...<br>';
        }

    }
    else
    {
        $massage = "please fill up your username and password correctly<br>";
    }
}

?>
<html>
<head>
    <title>Login</title>
    <style>
        body
        {
            background:orange;
        }
    </style>
<head>
<body>
fill username and password to log in<br><br>
<?php echo $massage;?>
<hr color="green">
<form action="<?php echo $current_file;?>" method="POST">

    user_name:<br> <input type="text" name ="user_name" ><br><br>
    password:<br> <input type="text" name="password" ><br><br>
    <input type ="submit" value="Log In"><br><br>
    <a href="OrderTable.php">please check  your Order_ID</a><br><br>



</form>
</body>
</html>

at least give him the full answer. $bar is not defined. I suppose is from database. — Marius.C, Mar 22 '14 at 17:00
but still it working i am sure that username and password is correct.i am not sure that the password is stored in $bar correctly or not — user3440295, Mar 22 '14 at 17:08
Yes `$bar` is not getting initialized anywhere. What does `$bar` supposed to hold ? — Shankar Narayana Damodaran, Mar 22 '14 at 17:10
plz tell me how to initialize it so that it could store varchar2.tell me detail .i dnt know much about variable.it would be gratefull if you give the code — user3440295, Mar 22 '14 at 17:14

how to keep the value in a variable from select query in PHP

1 Answers1