-4

I have searched on Stack Overflow about the undefined variable, and I couldn't find anything that solved my problem.

This is my PHP code:

if(isset($_POST['login'])){

    $username =mysql_real_escape_string( $_POST['naam']);
    $password =md5( $_POST['wacht']);

    $check_user = "select * from users where gebruikersnaam='$gebruikersnaam' AND wachtwoord='$wachtwoord'";

    $run =mysql_query($check_user);

    if(mysql_num_rows($run)>0){

    $_SESSION['naam']=$gebruikersnaam;

        echo "<script>window.open('welkom.php','_self')</script>";
    }

This is my HTML code:

<div id=content>
    <form method='POST' action='login.php'>
        Gebruikersnaam:<br>
        <input type='text' name='naam' />
        <br>
        <br>
        Wachtwoord:<br>
        <input type='password' name='wacht' />
        <br>
        <br>
        <input type='submit' name='login' value='Inloggen' />
    </form>
    <br>
    Niet geregistreerd? <a href='registratie.php'>Klik hier.</a>
</div>  

I can't see where my problem is, it says I have an undefined variable on this line: $check_user = "select * from users where gebruikersnaam='$gebruikersnaam' AND wachtwoord='$wachtwoord'";

The names I use are from my database so I wouldn't make a mistake with the names.

Could you people help me? It would be a real time saver because I can't find the problem.

Zagonine
Gandalf

2 Answers

0

You do not check if the following variables are set before you assign them.

$_POST['naam']
$_POST['wacht']

As you did with $_POST['login'] you can use isset to check they exist before assignment.

if (isset($_POST['naam']) && isset($_POST['wacht'])) {
    // Do something...
}

In addition to this, in the query you are using the variables $gebruikersnaam and $wachtwoord which you don't appear to be referencing anywhere else? So after some Google translating I'm guessing that you intended for this bit of code:

$username =mysql_real_escape_string( $_POST['naam']);
$password =md5( $_POST['wacht']);

To be the following:

$gebruikersnaam = mysql_real_escape_string($_POST['naam']);
$wachtwoord     = md5($_POST['wacht']);

Hopefully that helps, just a bit of a side note though, I would really advise reading over http://www.phptherightway.com/ and getting familiar with some of the best practices for PHP.

In your code I would attempt to refactor it and utilise password_hash() and mysqli_* as MD5() is not secure and the mysql_ extension has been removed in the latest version of PHP and was deprecated before that.

Mikey
  • Mmm OK, can I replace the MD5 with password_hash in the same place? – Gandalf Jan 15 '16 at 11:52
  • There is a little bit more to it than that, the manual would be a good place to start: http://php.net/manual/en/function.password-hash.php I would like to give you a bit more information on it, but I don't have the time right now. – Mikey Jan 15 '16 at 12:29
0

It's just a typo I think, you create 2 variables called $username and $password but you are not using them in the query, the query is using $gebruikersnaam and $wachtwoord, which of course have not been defined.

So amend the query to this:

if(isset($_POST['login'])){

    // Use the same variable names here and in the query below
    $username =mysql_real_escape_string( $_POST['naam']);
    $password =md5( $_POST['wacht']);

    $check_user = "SELECT *
                   FROM users
                   WHERE gebruikersnaam='$username'
                     AND wachtwoord='$password'";

    $run =mysql_query($check_user);

    if(mysql_num_rows($run)>0){

        // $username is the variable defined above
        $_SESSION['naam']=$username;

        echo "<script>window.open('welkom.php','_self')</script>";
    }
}

Additional Note:

Please don't use the mysql_ database extension, it is deprecated (gone forever in PHP7). Especially if you are just learning PHP, spend your energies learning the PDO or mysqli_ database extensions, and here is some help to decide which to use

Community
RiggsFolly
  • Can I simply replace the mysql with mysqli? – Gandalf Jan 15 '16 at 11:56
  • No, I am afraid it is not quite that simple – RiggsFolly Jan 15 '16 at 11:57
  • Yeah, I have been reading now and it's really complex for me, I was just getting the hang of mysql, so yeah.... – Gandalf Jan 15 '16 at 12:01
  • The problem is the `mysql_` extension no longer exists in the new PHP7. So any code you write with `mysql_` will not run on that version of PHP. There is unfortunately nothing to do other than learn either `mysqli_` or `PDO` before you waste any more time on the `mysql_` extension – RiggsFolly Jan 15 '16 at 12:03
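
Added example (not part of the question, the answers or their comments): what both answers point towards, with the login check rewritten using PDO prepared statements and password_hash()/password_verify() instead of mysql_* and md5(). The table, column and form field names are the ones from the question; the in-memory SQLite database, the function names register_user() and check_login() and the sample user are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: an in-memory SQLite database stands in for the MySQL server so the
// script runs offline; against MySQL only the DSN given to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (gebruikersnaam TEXT PRIMARY KEY, wachtwoord TEXT NOT NULL)');

// Registration side (hypothetical helper): store a salted password_hash() value.
function register_user(PDO $pdo, string $naam, string $wacht): void
{
    $stmt = $pdo->prepare('INSERT INTO users (gebruikersnaam, wachtwoord) VALUES (?, ?)');
    $stmt->execute([$naam, password_hash($wacht, PASSWORD_DEFAULT)]);
}

// Login side (hypothetical helper): true only if the user exists and the password matches.
function check_login(PDO $pdo, array $post): bool
{
    // Reject missing or non-string fields up front; this also avoids
    // undefined-index notices when the form is submitted incomplete.
    if (!isset($post['naam'], $post['wacht'])
        || !is_string($post['naam']) || !is_string($post['wacht'])) {
        return false;
    }

    // The placeholder keeps user input out of the SQL text, so no manual
    // escaping with mysql_real_escape_string() is needed.
    $stmt = $pdo->prepare('SELECT wachtwoord FROM users WHERE gebruikersnaam = ?');
    $stmt->execute([$post['naam']]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    // The hash cannot be matched in the WHERE clause the way md5() was:
    // password_hash() salts every hash differently, so fetch it by username
    // and let password_verify() do the comparison.
    return is_string($hash) && password_verify($post['wacht'], $hash);
}

// Constructed sample data and inputs.
register_user($pdo, 'gandalf', 'mellon');
var_dump(check_login($pdo, ['naam' => 'gandalf', 'wacht' => 'mellon']));   // correct password
var_dump(check_login($pdo, ['naam' => 'gandalf', 'wacht' => 'friend']));   // wrong password
var_dump(check_login($pdo, ['naam' => "gan'dalf", 'wacht' => 'mellon']));  // quote in the username
var_dump(check_login($pdo, ['naam' => 'gandalf']));                        // password field missing
```

In login.php the call would be check_login($pdo, $_POST), followed on success by session_regenerate_id(true) and setting $_SESSION['naam']. The wachtwoord column has to be wide enough for the hash; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.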