tags:

views:

54

answers:

6
Q: 

PHP & MySQL - Undefined variable problem?

I keep getting the following error Undefined variable: password on line 33 how do I correct this problem? So this error will stop showing.

Here is the php code.

$first_name = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['first_name']))));
$password1 = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($_POST['password1'])));
$password2 = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($_POST['password2'])));




// Check for a password and match against the confirmed password:
if ($password1 == $password2) {
    $sha512 = hash('sha512', $password1);
    $password = mysqli_real_escape_string($mysqli, $sha512);
} else {
    echo '<p class="error">Your password did not match the confirmed password!</p>';
}



//If the table is not found add it to the database
if (mysqli_num_rows($dbc) == 0) {
        $mysqli = mysqli_connect("localhost", "root", "", "sitename");
        $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, password) 
                                     VALUES ('$user_id', '$first_name', '$password')");
}



//If the table is in the database update each field when needed
if ($dbc == TRUE) {
        $dbc = mysqli_query($mysqli,"UPDATE users 
                                     SET first_name = '$first_name', password = '$password' 
                                     WHERE user_id = '$user_id'");

        echo '<p class="changes-saved">Your changes have been saved!</p>';

}
A: 

As you can see, the database insert is done whether the first if() was true or false. If it's false ($password1 and $password2 doesn't match), $password won't be defined.

jholster  2010-04-05 20:03:33
A: 

If this condition fails:

 if ($password1 == $password2) {

$password will not get defined, raising an error in one of the lines it is used in later.

Pekka  2010-04-05 20:03:37
+1  A: 

There's only one place where a value is assigned to $password

if ($password1 == $password2) {
    $sha512 = hash('sha512', $password1);
    $password = mysqli_real_escape_string($mysqli, $sha512);
}

So, if the condition isn't met there will be no $password. And in that case it doesn't make sense to perform the UPDATE query anyway.

VolkerK  2010-04-05 20:03:41
well then it should display `echo '<p class="error">Your password did not match the confirmed password!</p>';` instead of an error.
TaG  2010-04-05 20:05:45
But the script will continue with an undefined password...
Buggabill  2010-04-05 20:07:45
So how do I fix this?
TaG  2010-04-05 20:09:44
Initialize `$password`. Add `$password = '';` above it all.
Buggabill  2010-04-05 20:14:13
Imo there's a lot to fix. E.g. all that `$purifier->purify(htmlentities(strip_tags(...)))` stuff, you seriously should reevaluate that, don't just apply any/everything you can throw at those strings in hope something will do the trick. Do something useful instead, e.g. testing if the password is somewhat "strong". Right now a password like "" or "a" is accepted despite all that mumbojumbo. Or that "if the insert fails try an update" part. Your script should really know whether a new user record is created or an existing record is to be updated at this point.
VolkerK  2010-04-05 20:16:00
+1  A: 

At the top define 

$password = '';

then change the DBC check to

if ($dbc == TRUE && $password != ''){
easement  2010-04-05 20:06:44
A: 

You don't raise an ERROR with an ELSE statement on the $password = ...... line so there is clearly an error there and it's not being defined. The top level if statement is fine, but the error is on the $password declaration line. Do you see how that works?

dscher  2010-04-05 20:09:57
A: 

Instead of retrying the query if the insert fails (presumably because the user_id already exists - you've made that your primary key?), you could use the alternate INSERT INTO ... ON DUPLICATE KEY UPDATE syntax:

INSERT INTO users (user_id, first_name, password) 
VALUES ('$user_id', '$first_name', '$password')
ON DUPLICATE KEY UPDATE
    first_name=VALUES(first_name),
    password=VALUES(password)

On a nitpicky point, your comments say "if the table is not found" and "if the table...". You're not dealing with table creation/modification - you're working with records that are stored in a table.

Marc B  2010-04-05 20:26:12

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL