How to avoid notice in php when one of the conditions is not true

Question

I've notice that when one of the two conditions in a php if statement is not true. You get an undefined index notice for the statement that is not true. And the result in my case is a distorted web page. For example, this code:

<?php
session_start();

if (!isset($_SESSION['loginAdmin']) && ($_SESSION['loginAdmin'] != '')) {
    header ("Location: loginam.php");
} else {
    include('head2.php');
}



if (!isset($_SESSION['login']) && ($_SESSION['login'] != '')) {
    header ("Location: login.php");
} else {
    include('head3.php'); 
}
?>    

If one of the if statements is not true. The one that is not true will give you a notice that it is undefined. In my case it says that the session 'login' is not defined. If session 'LoginAdmin' is used. What can you recommend that I would do in order to avoid these undefined index notice.

EDIT This is where I check if the entered information is correct, for those who are asking. It always redirects to the login page even if the login information is correct:

$uname = mysql_real_escape_string($_POST['ausername']);
        $pword = mysql_real_escape_string($_POST['apassword']);
        $idnam= mysql_real_escape_string($_POST['aydi']);

        $SQL = "SELECT * FROM admin WHERE  ID= '$idnam' AND admin = '$uname' AND admin_password = '$pword'";
        $result = mysql_query($SQL);
        $num_rows = mysql_num_rows($result);



        if ($result) {
            if ($num_rows > 0) {
                session_start();
                $_SESSION['loginAdmin'] = "1";
                header ("Location: ampage.php");
            }
            else {
                session_start();
                $_SESSION['loginAdmin'] = "";
                header ("Location: loginam.php");
            }   
        }
        else {
            $errorMessage = "Error logging on, please try again.";
        }

Answer 1

Your condition is wrong, it should be:

if (!isset($_SESSION['loginAdmin']) || ($_SESSION['loginAdmin'] == '')) {
    header ("Location: loginam.php");
} else {
    include('head2.php');
}

And:

if (!isset($_SESSION['login']) || ($_SESSION['login'] == '')) {
    header ("Location: login.php");
} else {
    include('head3.php'); 
}

replaced && with || and != with ==

You get an undefined index notice for the statement that is not true.

That's not the case, you get notice messages when you have some variables undefined. You can avoid this be using suppression operator @ but it is not a good idea to use that because it slows down performance.

Also you can hide notice messages by putting this on top of your script:

error_reporting(E_ALL ^ E_NOTICE);

But again while on development, you must be aware of all errors and notices so this is not a good idea again unless you are sure what you are doing.

Answer 2

1) Use || (OR)instead of && (AND).
2) change != to ==

Answer 3

Don't you want isset($_SESSION['login']) instead (without "!")?

if (!isset($_SESSION['login']) && ($_SESSION['login'] != '')) {

It doesn't make much sense to test if $_SESSION['login'] if you already know it's not set. If you remove the "!", it eliminates the notice because isset silences it and the second condition will never be evaluated when the index is not set.

Answer 4

I think you meant this:

if (isset($_SESSION['loginAdmin']) && $_SESSION['loginAdmin'] != '') {
    //variable exists and is not empty
    include('head2.php');
} else {
    //variable does not exist or is empty
    header ("Location: loginam.php");
}

Answer 5

If the session is not set (!isset($_SESSION['loginAdmin'])) then the second condition in the if statements are really unnecessary, because they will never be true. You cannot have an undefined variable (the first condition) with a value (the second condition).

The error occurs because the variable you're testing in the second condition (after the &&) does not exist.

Try this:

<?php
session_start();

if (!isset($_SESSION['loginAdmin'])) {
    header ("Location: loginam.php");
    exit;
} else {
    include('head2.php');
}



if (!isset($_SESSION['login'])) {
    header ("Location: login.php");
    exit;
} else {
    include('head3.php'); 
}
?>

I included exit after your header calls because otherwise the code will continue running, probably causing undefined behavior.

Answer 6

Your conditions are weird.
for example: !isset($_SESSION['login']) && ($_SESSION['login'] != '')
First, you check wether 'login' is NOT set in the session variable !isset($_SESSION['login'])
So if it is not set you will also check the second condition, in which you try to access the 'login' index, which isn't set.

Maybe you mean this condition?
if (!isset($_SESSION['login']) || ($_SESSION['login'] == ''))
If login is not set, OR it is empty, redirect to login
otherwise redirect to head 3.

Answer 7

A quick example of operator evaluation:

function returnFalse() { echo "returning false\n"; return false; }
function returnTrue() { echo "returning true\n"; return true; }

echo "false && true\n";
if (returnFalse() && returnTrue()) {
    echo "True!\n";
} else {
    echo "False!\n";
}

echo "\ntrue && false\n";
if (returnTrue() && returnFalse()) {
    echo "True!\n";
} else {
    echo "False!\n";
}

echo "\ntrue && true\n";
if (returnTrue() && returnTrue()) {
    echo "True!\n";
} else {
    echo "False!\n";
}

This experiment demonstrates that the && operator can only short-circuit if the first operand is false. Let's examine where the code fails.

if (!isset($_SESSION['login']) && ($_SESSION['login'] != '')) {
    header ("Location: login.php");
} else {
    include('head3.php'); 
}

The condition, in words, is this: if $_SESSION['login'] does not exist, and $_SESSION['login'] is not an empty string. We can never, ever want to access a key that does not exist in the $_SESSION array, and we know the && operator will only short-circuit if its left operand is false.

The left operand is $_SESSION['login'] does not exist. This is true if $_SESSION['login'] does not exist, meaning the && operator must look to the right operand to see if it is also true. Now && looks at the condition $_SESSION['login'] is not an empty string. Whoops! This condition accesses $_SESSION['login'] which we have already, at this point, determined doesn't exist!

Answer 8

if the sesion variable loginAdmin is not set then you don't want to evaluate the second condition where you check if it is an empty string. You can use short-circuit evaluation to help you here. Change your code to

<?php
session_start();

if (!isset($_SESSION['loginAdmin']) || ($_SESSION['loginAdmin'] == '')) {
    header ("Location: loginam.php");
} else {
    include('head2.php');
}



if (!isset($_SESSION['login']) || ($_SESSION['login'] == '')) {
    header ("Location: login.php");
} else {
    include('head3.php'); 
}
?>