0

I have a bunch of undefined variables, for all the variables of a profile page I'm trying to create.

I thought I had defined them previously, as seen below. I looked at similar posts, but initializing the variables does not seem to be working either (I tried with $first, as you can see). I'm a newcomer to PHP, so any help would be greatly appreciated :)

<?php
include_once 'Header.php';
?>


<?php
$uid = (isset($conn, $_POST['user_uid']) ? $_POST['user_uid'] : '');
$result = mysqli_query($conn, "SELECT * FROM users where user_uid='$uid'");  
while($row = mysqli_fetch_array($result))  
    { 
    $first= "";
    $first = $_POST['first'] ?? '';
    $last= mysqli_real_escape_string($conn, $_POST['last']);
    $city= mysqli_real_escape_string($conn, $_POST['city']);
    $country= mysqli_real_escape_string($conn, $_POST['country']);
    }
?>


<?php
include_once 'Footer.php';
?>

<table width="398" border="0" align="center" cellpadding="0">
<tr>
<td height="26" colspan="2">Your Profile Information </td>
<td><div align="right"><a href="index.php">logout</a></div></td>
</tr>
<tr>
<td width="129" rowspan="5"><img src="<?php echo $picture ?>" width="129" 
height="129" alt="no image found"/></td>
<td width="82" valign="top"><div align="left">FirstName:</div></td>
<td width="165" valign="top"><?php echo $first ?></td>
 </tr>
 <tr>
<td valign="top"><div align="left">LastName:</div></td>
<td valign="top"><?php echo $last ?></td>
 </tr>
<tr>
<td valign="top"><div align="left">City:</div></td>
<td valign="top"><?php echo $city ?></td>
</tr>
<tr>
<td valign="top"><div align="left">Country:</div></td>
<td valign="top"><?php echo $country ?></td>
</tr>
 </table>
 <p align="center"><a href="index.php"></a></p>

Signup form:

<?php
include_once 'Header.php';
?>

 <section class="main-container"> 
<div class="main-wrapper">
    <h2>Sign Up</h2>
    <form class="signup-form" action="includes/signup-inc.php" method="POST">
    <div class="mainbox">
    <div class="btncontainer">
    <input id="radbtn1" type="radio" name="type" value="Guide" checked><br>
    <label for="radbtn1"><span class="radio">Client</span></label>
    </div>
    </div>
    <div class="mainbox">
    <div class="btncontainer">
    <input id="radbtn2" type="radio" name="type" value="Trainer"><br>
    <label for="radbtn2"><span class="radio">Trainer</span></label>
    </div>
    </div>
        <input type="text" name="first" placeholder="Firstname">
        <input type="text" name="last" placeholder="Lastname">
        <input type="text" name="email" placeholder="E-mail">
        <input type="text" name="uid" placeholder="Username">
    <input type="password" name="pwd" placeholder="Password">
    <input type="text" name="street" placeholder="Street(not visible)">
    <input type="text" name="postcode" placeholder="Postcode(not visible)">
    <input type="text" name="city" placeholder="City(not visible)">
    <input type="text" name="region" placeholder="Region">
    <input type="text" name="country" placeholder="Country">
    <input type="text" name="phonenumber" placeholder="Phone number(not 
    visible)">

        <button type="submit" name="submit">Sign Up!</button>
   </form>

   </div>
   </section>

   <?php
    include_once 'Footer.php';
    ?>
akemedis
  • $first = isset($_POST['first'] ) ? $_POST['first'] : ' '; – Devsi Odedra Jul 30 '18 at 10:48
  • check if $_POST['first'] is set – kkica Jul 30 '18 at 10:49
  • Please put a bit more effort in trying to present your problem in a _reproducible_ way. Right now what you have shown does not even _have_ 25 lines, so if you just quote an error message saying _“in [...]\my-profile.php on line 25”_ that still leaves stuff rather unclear. Please go read [mcve]. – CBroe Jul 30 '18 at 10:50
  • If your code doesn't go into the `while` loop then `$first` won't be defined later. Check that you actually find a match before assuming everything is OK. – Nigel Ren Jul 30 '18 at 10:50
  • Is this the full code? $first is not called anywhere in your code, show us the code where you call $first first. – Sugumar Venkatesan Jul 30 '18 at 10:52
  • The whole code as shown has several logical issues ... like filling $uid based on `isset($conn, $_POST['user_uid'])`, but then proceeding with a database query in the next line regardless of whether that variable is now properly filled or even whether a database connection exists in the first place; the only value you are actually dynamically inserting into the query does _not_ get secured against SQL injection, but instead `mysqli_real_escape_string` is used later on, – CBroe Jul 30 '18 at 10:56
  • […] on values that don’t seem to be used in a database context any more; use of a while loop that will either overwrite values if it runs multiple times, or would be rather pointless to begin with if at most one result record is to be expected ... – CBroe Jul 30 '18 at 10:56

3 Answers

1

When accessing an array item (as with $_POST), the access will try to directly access the element without first checking if it exists.

You need to check it:

$first = isset($_POST['first'] ) ? $_POST['first'] : ' ';

If you're using a framework, try using its request object to fetch the value.

bear
0

You shouldn't use GLOBALS directly. Try https://symfony.com/doc/current/components/http_foundation.html

<?php
// Requires the symfony/http-foundation package; assumes its autoloader is already loaded.
use Symfony\Component\HttpFoundation\Request;

$request = Request::createFromGlobals();
$uid = $request->get('user_uid', '');

// $uid is still interpolated into the SQL text unescaped here.
$result = mysqli_query($conn, "SELECT * FROM users where user_uid='$uid'");

while($row = mysqli_fetch_array($result))
{
    $first = $request->get('first');
    $last = mysqli_real_escape_string($conn, $request->get('last'));
    $city = mysqli_real_escape_string($conn, $request->get('city'));
    $country = mysqli_real_escape_string($conn, $request->get('country'));
}
?>

Another issue: use of mysqli_real_escape_string isn't as secure as you think, and if wrongly configured on the server side it can create a few problems. You should try to use prepared statements.

kallosz
0

This is the problem, in

<td width="165" valign="top"><?php echo $first ?></td>

$first doesn't have a value.

Assign $first some value before the while loop.

You are declaring the value inside the while loop:

while($row = mysqli_fetch_array($result))  
    { 
    $first= "";
}

If the while loop fails, $first = ''; will not be called.

In your case the code inside the while loop is not executed.

So change your code:

$first='';
while($row = mysqli_fetch_array($result)){
    // your code
}

I don't know what this is going to do:

$uid = (isset($conn, $_POST['user_uid']) ? $_POST['user_uid'] : '');

but I will change it to

$uid = isset($conn, $_POST['user_uid']) ? $_POST['user_uid'] : '';

And check whether $uid is not empty, and proceed only if $uid is not empty:

if(!empty($uid)){
   $result = mysqli_query($conn, "SELECT * FROM users where user_uid='$uid'");  
   while($row = mysqli_fetch_array($result))  
   { 
       $first = $_POST['first'] ?? '';
       $last= mysqli_real_escape_string($conn, $_POST['last']);
       $city= mysqli_real_escape_string($conn, $_POST['city']);
       $country= mysqli_real_escape_string($conn, $_POST['country']);
   }
}

and print only if there is a value for $first, $last, $city and $country:

<?php if(!empty($first)){?>
<tr>
<td width="82" valign="top"><div align="left">FirstName:</div></td>
<td width="165" valign="top"><?php echo $first ?></td>
 </tr>
<?php } if(!empty($last)){?>
 <tr>
<td valign="top"><div align="left">LastName:</div></td>
<td valign="top"><?php echo $last ?></td>
 </tr>
<?php } if(!empty($city)){?>
<tr>
<td valign="top"><div align="left">City:</div></td>
<td valign="top"><?php echo $city ?></td>
</tr>
<?php } if(!empty($country)){?>
<tr>
<td valign="top"><div align="left">Country:</div></td>
<td valign="top"><?php echo $country ?></td>
</tr>
<?php } ?>
Sugumar Venkatesan
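
Added example (not part of the question or of any answer above): the profile lookup rewritten with the prepared statement that kallosz's answer recommends and the defaults-before-the-lookup fix from Sugumar Venkatesan's answer. It assumes `$conn` is the mysqli connection opened in Header.php and uses hypothetical column names (`user_first`, `user_last`, `user_city`, `user_country`); it also goes one step beyond the answers by escaping the values on output with `htmlspecialchars`.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: $conn is the open mysqli connection from Header.php (mysqlnd
// driver, needed for get_result()); the user_* column names are hypothetical.

/** Look up one profile by username; returns null when nothing matches. */
function load_profile(mysqli $conn, string $uid): ?array
{
    if ($uid === '') {
        return null;                 // nothing to look up, so skip the query
    }
    // The ? placeholder keeps $uid out of the SQL text entirely.
    $stmt = $conn->prepare(
        'SELECT user_first, user_last, user_city, user_country
           FROM users WHERE user_uid = ? LIMIT 1'
    );
    if ($stmt === false) {
        return null;                 // prepare failed (non-exception error mode)
    }
    $stmt->bind_param('s', $uid);
    $result = $stmt->execute() ? $stmt->get_result() : false;
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row ?: null;
}

/** Escape a value for HTML text or a quoted attribute. */
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES, 'UTF-8');
}

// Defaults first: every variable exists even when no row is found.
$first = $last = $city = $country = '';

$uid = is_string($_POST['user_uid'] ?? null) ? $_POST['user_uid'] : '';
$profile = isset($conn) ? load_profile($conn, $uid) : null;

if ($profile !== null) {
    // The displayed values come from the database row, not from $_POST.
    $first   = $profile['user_first'];
    $last    = $profile['user_last'];
    $city    = $profile['user_city'];
    $country = $profile['user_country'];
}
?>
<td width="165" valign="top"><?php echo e($first) ?></td>
```

The remaining table cells take the same `e(...)` call around `$last`, `$city` and `$country`.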