
This is my index file,

<?php
include 'db.php';
$form = read('form');
//echo '<pre>';
//print_r($forms);
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title></title>
</head>
<body>
<form action="store.php" method="post">
    <label>
        Username:
        <input type="text" placeholder="username" name="username">
    </label>
    <label>
        Password:
        <input type="text" placeholder="password" name="password">
    </label>
    <label>
        Email:
        <input type="text" placeholder="email" name="email">
    </label>
    <button type="submit" name="submit">
        submit
    </button>
</form>
<table>
    <?php foreach ($form as $user): ?>
        <tr>
            <?php foreach ($user as $item) {
                echo '<td>' . $item . '</td>';
            } ?>
        </tr>
    <?php endforeach; ?>
</table>
</body>

and this is my db connection file that reads the database:

<?php
$servername = "localhost";
$username = "root";
$password = "mhimlaA#1";

try {
    $conn = new PDO("mysql:host=$servername;dbname=mydb", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//    echo "Connected successfully";
} catch (PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
}
function read($where = '')
{
    global $conn;
    $sql = "SELECT * FROM `form` $where LIMIT 1000;";
    $stm = $conn->prepare($sql);
    $stm->execute();
    return $stm->fetchAll(PDO::FETCH_ASSOC);
}

I have a weird problem here: PhpStorm shows an error on $conn in the store file. I'm using this file to insert the input text into the database:

<?php
print_r($_POST);
unset($_POST['submit']);
include 'db.php';
$form = read('form');
$sql = "INSERT INTO mydb.form(username, password, email) VALUES (:username,:password,:email)";
$stm = $conn->prepare($sql);
$stm->execute($_POST) or die($conn->errorInfo());
header('location: index.php');

  • You need to declare $conn as a global to use it – Elias Soares Jan 16 '22 at 14:53
  • Why do you have `or die($conn->errorInfo())`? – Dharman Jan 16 '22 at 14:55
  • Why do you have `$conn->prepare($sql);` in `read()`? – Your Common Sense Jan 16 '22 at 14:59
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Jan 16 '22 at 15:00

1 Answer

PHPStorm is correct. $conn can be undefined if there was a problem connecting to the database. The actual issue is your poor error handling. Never try-catch exceptions if you don't know what to do with them. You are following cargo cult.

You need to either remove the try-catch or throw an exception in the catch block if you really want to prevent credential leak in error logs.

try {
    $conn = new PDO("mysql:host=$servername;dbname=mydb", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//    echo "Connected successfully";
} catch (PDOException $e) {
    throw new \PDOException($e->getMessage(), (int) $e->getCode());
}

You should also remove useless bits of code such as `or die($conn->errorInfo())`.

Dharman
  • That's not all. By default PhpStorm does not check for variables defined in include/requires files (only checks in current file). For `$conn` to be recognized OP would need to enable `Search for variable's definition outside the current file` option of `Undefined variable` inspection. More here: https://youtrack.jetbrains.com/issue/WI-64888#focus=Comments-27-5694185.0-0 – LazyOne Jan 16 '22 at 15:02
  • I deleted the try-catch and the `or die($conn->errorInfo())` that you mentioned, but `$conn` still has the undefined error in store.php (the image file). – Amir Hossein Shirazi Jan 16 '22 at 15:15
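
The points raised in the answer and in the password-hashing comment, combined into one added example (not code from the question or the answer): the connection is made without a try-catch so a failure propagates as an exception, the password is hashed with `password_hash()` before the insert, and only the expected fields are bound. Assumptions: an in-memory SQLite database stands in for the question's MySQL `mydb` so the script runs offline, and `connect()` and `storeUser()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the page's MySQL "mydb" so this runs
// offline. For MySQL, only the DSN and credentials change.
function connect(): PDO
{
    // No try/catch: if the connection fails, the PDOException propagates,
    // so later code never runs with an undefined $conn.
    return new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Hypothetical helper: stores one submitted form row.
function storeUser(PDO $conn, array $input): void
{
    // Pick out only the expected fields instead of passing all of $_POST.
    $row = [];
    foreach (['username', 'password', 'email'] as $field) {
        if (!isset($input[$field]) || !is_string($input[$field]) || $input[$field] === '') {
            throw new InvalidArgumentException("Missing field: $field");
        }
        $row[$field] = $input[$field];
    }
    // Store a hash, never the clear-text password.
    $row['password'] = password_hash($row['password'], PASSWORD_DEFAULT);

    $stm = $conn->prepare(
        'INSERT INTO form (username, password, email) VALUES (:username, :password, :email)'
    );
    $stm->execute($row); // throws PDOException on failure; no "or die" needed
}

$conn = connect();
$conn->exec('CREATE TABLE form (username TEXT, password TEXT, email TEXT)');

// Constructed sample input, shaped like the page's $_POST (submit key included).
$post = ['username' => 'alice', 'password' => 'constructed-sample-pw',
         'email' => 'alice@example.test', 'submit' => ''];
storeUser($conn, $post);

$stored = $conn->query('SELECT username, password, email FROM form')->fetch();
var_dump(password_verify('constructed-sample-pw', $stored['password'])); // login-time check
var_dump($stored['password'] !== 'constructed-sample-pw'); // column holds a hash, not the input
```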