PHP - Undefined variable

Question

I'm doing some exercises from Beginners PHP & MySQL by Mr. Tucker.

On his example everything works fine, but on my PC there is an error:

Notice: Undefined variable: passwordRetrieved in C:\wamp\www\loginForm.php on line 39

Full PHP code for this example:

• Please note the table does exist, and password, connection to the DB, etc... are correct

  <?php
      {
          // Secure Connection Script
          include('htconfig/dbConfig.php');
  
          $dbSuccess = false;
          $dbConnected = mysql_connect($db['hostname'], $db['username'], $db['password']);
  
          if ($dbConnected) {
              $dbSelected = mysql_select_db($db['database'], $dbConnected);
              if ($dbSelected) {
                  $dbSuccess = true;
              }
          }
          // END Secure Connection Script
      }
  
      $thisScriptName = "loginForm.php";
  
      echo '<h2>Login Form </h2>';
  
      $username = $_POST['username'];
  
      if(isset($username)) {
          $password = $_POST['password'];
          echo "username = " . $username . "<br />";
          echo "password = " . $password . "<br />";
  
          {
              // SELECT password for this user from the DB and see it it matches
              $tUser_SQLselect = "SELECT password FROM tUser ";
              $tUser_SQLselect .= "WHERE username = '" . $username . "' ";
  
              $tUser_SQLselect_Query = mysql_query($tUser_SQLselect);
              while ($row = mysql_fetch_array($tUser_SQLselect_Query, MYSQL_ASSOC)) {
                  $passwordRetrieved = $row['password'];
              }
              mysql_free_result($tUser_SQLselect_Query);
  
              echo "passwordRetrieved = ".$passwordRetrieved."<br />";
  
              if (!empty($passwordRetrieved) AND ($password == $passwordRetrieved)) {
  
                  echo "YES. Password matches.<br /><br />";
                  echo '<a href="' . $thisScriptName . '">Logout</a>';
              }
              else {
                  echo "Access denied.<br /><br />";
                  echo '<a href="' . $thisScriptName . '">Try again</a>';
              }
          }
      }
      else {
  
          echo '<form name="postLoginHid" action="' . $thisScriptName . '" method="post">';
                  echo '
                      <P>User name:
                      <INPUT TYPE=text NAME=username value=""></P>
                      <P>Password:
                      <INPUT TYPE=password NAME=password value=""></P>
                      <input type="submit"  value="Login" />
                  ';
          echo '</form>';
      }
  
      echo '<h2>--------- END Login Form --------</h2>';
  ?>
  

Answer 1

That's because your query returned nothing and your

while ($row = mysql_fetch_array($tUser_SQLselect_Query, MYSQL_ASSOC)) {

didn't fill

$passwordRetrieved

You can disable E_NOTICE notices because it's not something that would hurt

Or add

$passwordRetrieved = "";

before your

while ($row = mysql_fetch_array($tUser_SQLselect_Query, MYSQL_ASSOC)) {

Answer 2

while ($row = mysql_fetch_array($tUser_SQLselect_Query, MYSQL_ASSOC)) {
  $passwordRetrieved = $row['password'];
}

this is the only place where a value may be assigned to the variable $passwordRetrieved.
If there is no record in the result set the body of the while-loop is never executed and therefore no value ever is assigned to $passwordRetrieved and therefore $passwordRetrieved does not exist/is undefined at line 39 -> Notice: Undefined variable: passwordRetrieved in C:\wamp\www\loginForm.php on line 39.

Answer 3

You are trying to access the variable $passwordRetrieved when it has not yet been given a value. The access is done here:

echo "passwordRetrieved = ".$passwordRetrieved."<br />";

The variable would be set just above:

while ($row = mysql_fetch_array($tUser_SQLselect_Query, MYSQL_ASSOC)) {
    $passwordRetrieved = $row['password'];  // VARIABLE SET HERE
}

The important thing is that the variable only gets set if the query returns a matching row (i.e., on a successful login). If the login is not valid, the variable is not set.

To check if a variable is set without getting a notice, you would use either isset or empty (there are subtle differences, but as a rule of thumb you can use either most of the time). Your code actually already does this just below:

// Checking if $passwordRetrieved has been set using empty()
if (!empty($passwordRetrieved) AND ($password == $passwordRetrieved)) {

Answer 4

If your query returned no results, then $passwordRetrieved is undefined (just like the message says).

You should throw an error when you couldn't find any users with username=$username (which is also an invalid login).

Answer 5

You simply use an undefined variable. If your while loop doesn't work your variable steel is undefined, so you obtain an error :)

Answer 6

Just before while where you set variable $passwordRetrieved declare it so it should look like this:

$tUser_SQLselect_Query = mysql_query($tUser_SQLselect);
$passwordRetrieved = "";


while ($row = mysql_fetch_array($tUser_SQLselect_Query, MYSQL_ASSOC)) {
    $passwordRetrieved = $row['password'];
}

Answer 7

Do a check using mysql_num_rows($result) to make sure you actually got something.

Answer 8

You should define $passwordRetrieved before using it. This notice does not affect it at all.

To avoid this, define it:

$thisScriptName = "loginForm.php";

$passwordRetrieved;

Answer 9

As this question has already been answered, I would also add instead of using mysql_fetch_array with the MYSQL_ASSOC parameter, you can just use mysql_fetch_assoc() :)