I am continuously getting the error "Undefined index" in PHP while trying to log in or sign up from my Android app. I tried changing the PHP version but it didn't solve the problem. Here is the error I get in error_log:

```
[28-Aug-2017 15:15:33 America/Denver] PHP Notice:  Undefined index: full_name in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 33
[28-Aug-2017 15:15:33 America/Denver] PHP Notice:  Undefined index: username in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 34
[28-Aug-2017 15:15:33 America/Denver] PHP Notice:  Undefined index: email in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 35
[28-Aug-2017 15:15:33 America/Denver] PHP Notice:  Undefined index: password in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 36
[28-Aug-2017 15:15:57 America/Denver] PHP Notice:  Undefined index: username in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 12
[28-Aug-2017 15:15:57 America/Denver] PHP Notice:  Undefined index: password in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 13
```

And here is my PHP code:

```php
class user
{

public function login()
{
    $data = [];
    require $_SERVER['DOCUMENT_ROOT'].'/socialnetwork-api/Config/db.php';
    $DB = new DB();$db=$DB->connection;
    $username =htmlentities($_POST['username'],ENT_QUOTES,"UTF-8");
    $password =htmlentities($_POST['password'],ENT_QUOTES,"UTF-8");
    $sql = "SELECT * FROM `tbl_users` WHERE `username`='$username' AND `password`='$password'";
    $result = $db->query($sql);
    $result = $result->fetch();
    if($result != null)
    {
        $data["result"]=$result['id'];
    }
    else
    {
        $data["result"]="0";
    }
    echo json_encode($data);
}

public function signup()
{
    $data = [];
    require $_SERVER['DOCUMENT_ROOT'].'/socialnetwork-api/Config/db.php';
    $DB = new DB();$db=$DB->connection;
    $fullname = htmlentities($_POST['full_name'],ENT_QUOTES,"UTF-8");
    $username = htmlentities($_POST['username'],ENT_QUOTES,"UTF-8");
    $email = $_POST['email'];
    $password = htmlentities($_POST['password'],ENT_QUOTES,"UTF-8");
    $sql = "SELECT * FROM `tbl_users` WHERE `username`='$username'";
    $result = $db->query($sql);
    $result = $result->fetch();
    if($result != null)
    {
        $data["result"] = "username";
    }
    else
    {
        $sql = "SELECT * FROM `tbl_users` WHERE `email`='$email'";
        $result = $db->query($sql);
        $result = $result->fetch();
        if($result != null)
        {
            $data["result"] = "email";
        }
        else
        {
            $sql = "INSERT INTO `tbl_users` (`full_name`,`username`,`email`,`password`) VALUES ('$fullname','$username','$email','$password')";
            $result = $db->prepare($sql);
            $result = $result->execute();

            if($result)
            {
                $data["result"]="1";
            }
            else
            {
                $data["result"]="0";
            }
        }
    }
    echo json_encode($data);
}

}
```

I hope someone can help me, because I am not very familiar with PHP and I need this for my university project.

  • You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of concatenating your queries. `htmlentities()` is _not_ a sufficient way of escaping database values. You shouldn't escape the values using htmlentities() before storing them in the DB at all. You should use htmlentities() before you output the data. – M. Eriksson Aug 28 '17 at 21:25
  • **Never store passwords in clear text!** Only store password hashes! Use PHP's [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php). If you're running a PHP version lower than 5.5 (which I _really_ hope you aren't), you can use the [password_compat library](https://github.com/ircmaxell/password_compat) to get the same functionality. – M. Eriksson Aug 28 '17 at 21:27
  • @MagnusEriksson I am running PHP version 5.6 and I will do what you said, but I didn't get the answer to my problem. Can you please tell me specifically why I am getting this error? – Naqib Shayea Qazizadah Aug 28 '17 at 21:29
  • Please check the link in the first comment. That explains what that message is. You should also debug your code and check what the `$_POST`-array actually contains and see if the parameters actually are sent like you think they are. – M. Eriksson Aug 28 '17 at 21:31
  • @MagnusEriksson The problem is that when I try this code on localhost, like WAMP or XAMPP, it works perfectly, but when I put it on a real host I get these errors. – Naqib Shayea Qazizadah Aug 28 '17 at 21:52
  • You still need to debug your request and check if the request is correct and if the data is sent properly. – M. Eriksson Aug 28 '17 at 23:02

1 Answer

The undefined index errors correspond to your use of $_POST within your class. This means that when you call those class functions those values are not set.

Typically if you are going to use $_POST you have a form that calls your PHP script and each form input corresponds to a $_POST value.

For example, if you had a form with an input such as:

```html
<input type="text" name="username" value="">
```

Then when the user submits the form you can get the value with $_POST['username'].

However, if you have no form submission then you will not have any $_POST values. Hence the undefined index errors.

An alternative approach is to have the values you need passed into the class methods. Then you need to make sure you pass those values when you call the method.

Example:

```php
public function login($username = '', $password = '')
{
    $data = [];
    require $_SERVER['DOCUMENT_ROOT'].'/socialnetwork-api/Config/db.php';
    $DB = new DB();$db=$DB->connection;
    $username =htmlentities($username,ENT_QUOTES,"UTF-8");
    $password =htmlentities($password,ENT_QUOTES,"UTF-8");
    $sql = "SELECT * FROM `tbl_users` WHERE `username`='$username' AND `password`='$password'";
    $result = $db->query($sql);
    $result = $result->fetch();
    if($result != null)
    {
        $data["result"]=$result['id'];
    }
    else
    {
        $data["result"]="0";
    }
    echo json_encode($data);
}
```

Then you can pass the data in:

```php
$class = new user();
$class->login($username, $password);
```

It's up to you to then pass in the values for $username and $password.

Mike S
  • You don't need a form to post data. If the OP isn't passing the values correctly from the app to his PHP-script, passing them to the method won't really work either. – M. Eriksson Aug 28 '17 at 21:35
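
An added example, not part of the original question, answer or comments: one way to combine the points raised on this page (checking that the expected POST fields were actually sent, prepared statements, and `password_hash()`/`password_verify()`). It assumes the connection is PDO and that the `password` column of `tbl_users` stores hashes; the `required_fields()` helper and the `missing_field` result value are hypothetical.

```php
<?php
// Return the named fields, or null if any is missing, empty or not a string.
function required_fields(array $input, array $names)
{
    $out = [];
    foreach ($names as $name) {
        if (!isset($input[$name]) || !is_string($input[$name]) || $input[$name] === '') {
            return null; // caller reports an error instead of triggering a notice
        }
        $out[$name] = $input[$name];
    }
    return $out;
}
function signup(PDO $db, array $input)
{
    $f = required_fields($input, ['full_name', 'username', 'email', 'password']);
    if ($f === null) {
        return ['result' => 'missing_field']; // hypothetical error value
    }
    foreach (['username', 'email'] as $col) {
        // $col comes from the fixed list above; the user value is bound, not concatenated.
        $stmt = $db->prepare("SELECT 1 FROM tbl_users WHERE $col = ?");
        $stmt->execute([$f[$col]]);
        if ($stmt->fetchColumn() !== false) {
            return ['result' => $col];
        }
    }
    $stmt = $db->prepare('INSERT INTO tbl_users (full_name, username, email, password) VALUES (?, ?, ?, ?)');
    $hash = password_hash($f['password'], PASSWORD_DEFAULT); // store the hash, never the password
    $ok = $stmt->execute([$f['full_name'], $f['username'], $f['email'], $hash]);
    return ['result' => $ok ? '1' : '0'];
}
function login(PDO $db, array $input)
{
    $f = required_fields($input, ['username', 'password']);
    if ($f === null) {
        return ['result' => 'missing_field'];
    }
    $stmt = $db->prepare('SELECT id, password FROM tbl_users WHERE username = ?');
    $stmt->execute([$f['username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok = $row !== false && password_verify($f['password'], $row['password']);
    return ['result' => $ok ? (string) $row['id'] : '0'];
}
// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE tbl_users (id INTEGER PRIMARY KEY, full_name TEXT, username TEXT, email TEXT, password TEXT)');
echo json_encode(signup($db, ['full_name' => 'A B', 'username' => 'ab', 'email' => 'ab@example.com', 'password' => 'pw'])), "\n";
echo json_encode(login($db, ['username' => 'ab', 'password' => 'pw'])), "\n";
echo json_encode(login($db, ['username' => 'ab'])), "\n"; // password field not sent
```

In the real endpoint, pass `$_POST` as `$input` and `echo json_encode(...)` the returned array; a `missing_field` response then shows directly that the app did not send the parameters the script expects.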