0

I have a simple script to allow a user to register an account. A warning about $_POST indexes being undefined occurs on the following two lines of the script that receives the form submission:

$email = mysql_real_escape_string($_POST['email']);
$username = mysql_real_escape_string($_POST['username']);

I've tried a var_dump($_POST), and those indexes are clearly defined. Furthermore, the following line works, and enters the information you would expect:

$id = $this->flexi_auth->insert_user($email, $username, $password, false, false, true);

If $_POST['email'] and $_POST['username'] were really undefined, there's no way that line would work. The user created in the database is with the username and email entered on the submission form. That being the case, why is it throwing obviously false warnings?

lxg
  • 12,375
  • 12
  • 51
  • 73
Fibericon
  • 5,684
  • 12
  • 37
  • 64
  • Don't forget to check if $email and $username are not empty. that's probably the fault. – Matheno Oct 30 '14 at 10:43
  • [**Please, don't use `mysql_*` functions in new code**](http://stackoverflow.com/q/12859942). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://uk.php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which. – itachi Oct 30 '14 at 10:58
  • post the whole code. probably you are overriding the `$_POST` somewhere. – itachi Oct 30 '14 at 10:58
  • What's the exact error you get? – Ben Swinburne Oct 30 '14 at 11:43

2 Answers2

2

Try something like this.

$email = '';
$username = '';
if(!empty($_POST['email']) && !empty($_POST['username'])
{
    $email = mysql_real_escape_string($_POST['email']);
    $username = mysql_real_escape_string($_POST['username']);
}
Roni
  • 194
  • 10
0

It is possible that they could be undefined, hence the notices.

CodeIgniter has a function to help handle this, it returns FALSE if the item does not exist:

$this->input->post('item');

So, instead of:

$_POST['email']

You can use:

$this->input->post('email')

and so on...

You'll probably also want to check that you have valid values (not empty, for example) before creating a new user.

jleft
  • 3,457
  • 1
  • 23
  • 35