1

I'm getting an undefined variable error for the $id variable in lines 15 & 21. Could someone please explain why? I can't see what the problem is.

<?php
function userIsLoggedIn()
{
    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        if (!isset($_POST['email']) or $_POST['email'] == '' or
            !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }
        $password = md5($_POST['password'] . 'chainfire db');

        if (databaseContainsAuthor($_POST['email'], $password, $id))
        {
            include 'db.inc.php';
            session_start();
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email'];  
            $_SESSION['password'] = $password;
            $_SESSION['id'] = $id;
            return TRUE;
        }
        else
        {
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            unset($_SESSION['id']);
            $GLOBALS['loginError'] = 'The specified email address or password was incorrect.';
            return FALSE;
        }
    }
    if (isset($_POST['action']) and $_POST['action'] == 'logout')
    {
        session_start();
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        unset($_SESSION['id']);
        header('Location: ' . $_POST['goto']);
        exit();
    }
    session_start();
    if (isset($_SESSION['loggedIn']))
    {
        return databaseContainsAuthor($_SESSION['email'], $_SESSION['password'], $_SESSION['id']);
    }
}
function databaseContainsAuthor($email, $password, $id)
{
    include 'db.inc.php';

    $email = mysqli_real_escape_string($link, $email);
    $password = mysqli_real_escape_string($link, $password);

    $sql = "SELECT COUNT(*) FROM author
            WHERE email='$email' AND password='$password'";
    $result = mysqli_query($link, $sql);

    if (!$result)
    {
        $error = 'Error searching for author.';
        include 'error.html.php';
        exit();
    }
    $row = mysqli_fetch_array($result);

    $sql = "SELECT id FROM author 
            WHERE email='$email'"; 
    $id = mysqli_query($link, $sql);
    if (!$id)
    {
        $error = 'Error searching for id.';
        include 'error.html.php';
        exit();
    }    

    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

The variable $id is defined in databaseContainsAuthor($email, $password, $id), then stored in the $_SESSION['id'] session so naturally $id = mysqli_query($link, $sql); should have passed but it's not?

rumspringa00
  • possible duplicate of ["Notice: Undefined variable" and "Notice: Undefined index"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index) – animuson Apr 22 '13 at 15:11

2 Answers

2

Variables changed (or defined) inside a function will not affect the rest of the script. For example:

<?php
function changeVariable($person) {
    $person = 'Bob';
}
$person = 'Alice';
changeVariable($person);
echo "Hello $person!"; // Outputs: Hello Alice!

This can be avoided by passing the variable by reference, like this:

<?php
function changeVariable(&$person) {
    $person = 'Bob';
}
$person = 'Alice';
changeVariable($person);
echo "Hello $person!"; // Outputs: Hello Bob!

You can also use global variables, like this:

<?php
function changeVariable() {
    global $person;
    $person = 'Bob';
}
$person = 'Alice';
changeVariable();
echo "Hello $person!"; // Outputs: Hello Bob!
EdoDodo
1

A few things: the variable $id should be defined (not required, but good practice) before you use it.

So, for example:

$id = NULL;
if (databaseContainsAuthor($_POST['email'], $password, $id)) 

Also, setting the $id inside the databaseContainsAuthor function doesn't mean that $id will change outside the scope of that function.

You could make it global, but that is considered bad practice.

Also, your function databaseContainsAuthor contains this code:

if ($row[0] > 0)
{
    return TRUE;
}
else
{
    return FALSE;
}

which will return TRUE or FALSE. But note that once the code returns a value, none of the code after it will be run,

which means this part might as well be commented out; as it is after the return statement, it will never be run:

    $sql = "SELECT id FROM author
            WHERE email='$email'";

    $id = mysqli_query($link, $sql);
    if (!$id)
    {
        $error = 'Error searching for id.';
        include 'error.html.php';
        exit();
    }
bumperbox
  • Thank you, the reason for the $id variable is to store the author's id in a session() so I can link the id with articles the author submits. If there is a better way to store the current user's id, that's the current logged in user, in a session(), I'm all for it. – rumspringa00 Aug 06 '11 at 16:48
  • What you are trying to do is fine. Put the if/return statements after the bit of the code that assigns $id = mysqli..... Change this function definition to databaseContainsAuthor($email, $password, &$id) – bumperbox Aug 06 '11 at 21:54
  • I did what you suggested but I'm still getting an undefined variable error for $id in lines 14, 21. Any thoughts? OP is updated with revised code. Thanks. – rumspringa00 Aug 07 '11 at 08:46
  • Did you change this bit? function databaseContainsAuthor($email, $password, &$id) Notice the & in front of $id – bumperbox Aug 07 '11 at 09:27
  • That was it, thanks again! Now I just have to find a way to reference $id in a query for my index.php. This is where I get lost, I'm used to JavaScript. – rumspringa00 Aug 07 '11 at 09:40
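
The fix the thread arrives at (`&$id` in the signature, with the return placed after the id lookup), written out as an added example; it is not code from any of the posts above. It assumes an in-memory SQLite database through PDO in place of the page's `db.inc.php` mysqli link so that it runs stand-alone, and it goes beyond the thread by using one parameterized query and `password_hash()`/`password_verify()` instead of `md5()` with a fixed suffix; the extra `$pdo` parameter and the sample row are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the page's db.inc.php link (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE author (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');

// Constructed sample row; password_hash() replaces the md5() + fixed-suffix scheme.
$insert = $pdo->prepare('INSERT INTO author (email, password) VALUES (?, ?)');
$insert->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns true when the credentials match and writes the author's id into the
 * caller's variable. The & in the signature is what makes the assignment
 * visible outside the function.
 */
function databaseContainsAuthor(PDO $pdo, $email, $password, &$id)
{
    $id = null; // assigned on every path, so the caller never reads an undefined variable

    // One parameterized query fetches both the id and the stored hash,
    // so no user input is interpolated into the SQL string.
    $stmt = $pdo->prepare('SELECT id, password FROM author WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }

    // Store the scalar id from the fetched row. The page's code assigns the
    // return value of mysqli_query(), which is a result object, not the id.
    $id = (int) $row['id'];
    return true;
}

// Caller: $id does not exist before the call; the function fills it in.
if (databaseContainsAuthor($pdo, 'alice@example.com', 'correct horse', $id)) {
    echo "logged in, author id = $id\n";
}

// A failed login leaves $id as null rather than a stale value.
var_dump(databaseContainsAuthor($pdo, 'alice@example.com', 'wrong password', $id), $id);
```

With the id stored as an integer, `$_SESSION['id'] = $id;` holds a value that survives session serialization and can be bound as a parameter in later queries.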