Undefined variable $respond

Question

This is an API. When Phone number duplication enter it gives error Undefined variable: "$respond ".I don't know why this error occur.

<?php
    
    header('Access-Control-Allow-Origin: *');
    header('Content-type: application/json');
    include'../admin/includes/connection.php';
    $msg = '';
    if (isset($_GET['phone']) && isset($_GET['password'])) {
    
        $name = mysqli_real_escape_string($con, $_GET['name']);
        $email = mysqli_real_escape_string($con, $_GET['email']);
        $password = mysqli_real_escape_string($con, $_GET['password']);
        $about = $_GET['about'];
        $phone = mysqli_real_escape_string($con, $_GET['phone']);
        $category = mysqli_real_escape_string($con, $_GET['speciality']);
    //                $tags = mysqli_real_escape_string($con, $_POST['tags']);
        $city = mysqli_real_escape_string($con, $_GET['city']);
        $area = mysqli_real_escape_string($con, $_GET['area']);
        $whatsapp = mysqli_real_escape_string($con, $_GET['whatsapp']);
        $fb_link = mysqli_real_escape_string($con, $_GET['fb_link']);
        $default_sort_id = 50;
    //                $image = 'img/avatardefault.png';
        $verification_status = 0;
    
    //    $db->check_public_email($con, $email);
    
        $dup = mysqli_query($con, "SELECT `phone` FROM `public_users` WHERE `phone` = '" . $phone . "'");
        if (mysqli_num_rows($dup) > 0) {
            $msg = 'This Phone Number address already exist !';
        } else {
            if (empty($phone) || empty($password) || empty($city) || empty($name)) {
                $msg = "Phone, City, Category, Name & Category are required.";
            } elseif (strlen($password) < 5) {
                $msg = "Your password should be at least 6 characters long.";
            } else {
                if (isset($_FILES['profileImage']) && $_FILES['profileImage']['size'] > 0) {
    
                    $target_dir = "uploads/";
                    $target_file = $target_dir . basename($_FILES["profileImage"]["name"]);
                    $uploadOk = 1;
                    $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
    
                    $check = getimagesize($_FILES["profileImage"]["tmp_name"]);
                    if ($check !== false) {
                        echo "File is an image - " . $check["mime"] . ".";
                        $uploadOk = 1;
                    } else {
                        echo "File is not an image.";
                        $uploadOk = 0;
                    }
    
    // Check file size
                    if ($_FILES["profileImage"]["size"] > 500000) {
                        echo "Sorry, your file is too large.";
                        $uploadOk = 0;
                    }
                    // Check if $uploadOk is set to 0 by an error
                    if ($uploadOk == 0) {
                        echo "Sorry, your file was not uploaded.";
    // if everything is ok, try to upload file
                    } else {
                        if (move_uploaded_file($_FILES["profileImage"]["tmp_name"], $target_file)) {
    //query
                            $query = mysqli_query($con, "INSERT INTO `public_users`  SET `name` = '" . $name . "', `email` = '" . $email . "',`password` = '" . $password . "',`phone` = '" . $phone . "', `speciality` = '" . $category . "',`tags` = '" . $category . "', `city` = '" . $city . "',`area` = '" . $area . "',`about` = '" . $about . "',`image` = '" . $target_file . "',`verification_status` = '" . $verification_status . "',`fb_link` = '" . $fb_link . "',`whatsapp` = '" . $whatsapp . "',`sort_id` = '" . $default_sort_id . "' ");
    //                                    echo "The file " . htmlspecialchars(basename($_FILES["profileImage"]["name"])) . " has been uploaded.";
                            if (!$query) {
                                $msg = "Your request can't be completed at the moment, please contact the admin support.";
                            } else {
                                $msg = 'True';
                            }
                        } else {
                            echo "Sorry, there was an error uploading your file.";
                        }
                    }
                    $last_id = mysqli_insert_id($con) . '';
                    $respond['message'] = $msg;
    
                    $respond['user'] = array('id' => $last_id, 'sort_id' => $default_sort_id, 'verification_status' => $verification_status, 'name' => $name, 'email' => $email, 'password' => $password, 'image' => $target_file, 'phone' => $phone, 'city' => $city, 'area' => $area, 'speciality' => $category, 'whatsapp' => $whatsapp, 'fb_link' => $fb_link, 'about' => $about);
                } else {
                    $image = 'img/avatardefault.png';
                    $query = mysqli_query($con, "INSERT INTO `public_users`  SET `name` = '" . $name . "', `email` = '" . $email . "',`password` = '" . $password . "',`phone` = '" . $phone . "', `speciality` = '" . $category . "',`tags` = '" . $category . "', `city` = '" . $city . "',`area` = '" . $area . "',`about` = '" . $about . "',`image` = '" . $image . "',`verification_status` = '" . $verification_status . "',`fb_link` = '" . $fb_link . "',`whatsapp` = '" . $whatsapp . "',`sort_id` = '" . $default_sort_id . "' ");
                    if (!$query) {
                        $msg = "Your request can't be completed at the moment, please contact the admin support.";
                    } else {
                        $msg = 'True';
                    }
                    $last_id = mysqli_insert_id($con) . '';
                    $respond['message'] = $msg;
    
                    $respond['user'] = array('id' => $last_id, 'sort_id' => $default_sort_id, 'verification_status' => $verification_status, 'name' => $name, 'email' => $email, 'password' => $password, 'image' => 'https://bingo-agency.com/mrworker/' . $image, 'phone' => $phone, 'city' => $city, 'area' => $area, 'speciality' => $category, 'whatsapp' => $whatsapp, 'fb_link' => $fb_link, 'about' => $about);
                }
            }
        }
    } else {
    
        $respond["message"] = $msg;
    }
    echo json_encode($respond);//Show me error at this line.//
    ?>

while I enter new record it have not show error, But if I enter same phone number as already exist it will show error. It show me error Undefined variable: "$respond".I don't know why this error occur.

Please help me!

Your code is vulnerable to sql injection and is not easy to read but it looks like when the code checks for duplicate email `if (mysqli_num_rows($dup) > 0) {` it then leaves the logic flow and tries to output the json_encoded variable - try declaring `$respond` at the top of the script — Professor Abronsius, Aug 12 '22 at 07:50
As error said you have to define $respond above like: `$respond = array();` — Vüsal Hüseynli, Aug 12 '22 at 08:04

score 0 · Answer 1 · answered Aug 12 '22 at 07:49

Your variable is undefined that's why you see this error. In your code you have the first if/else:

   if (isset($_GET['phone']) && isset($_GET['password'])) {

And as a fallback you define the $respond variable in your else statement;

Coming to your question though your if that checks if the phone numbers exists sets correctly the variable $msg but does not set it in the $respond array.

if (mysqli_num_rows($dup) > 0) {
            $msg = 'This Phone Number address already exist !';
        }

This if causes the error because all the other else statements set the variable correct. An easy solution is:

if (mysqli_num_rows($dup) > 0) {
            $respond['message'] = 'This Phone Number address already exist !';
        }

Undefined variable $respond

1 Answers1