I am not sure why I keep getting the error message below(Pleae see the Asterisks )
Notice: Undefined index: myusername

Notice: Undefined index: mypassword

Notice: Use of undefined constant myusername -

Fatal error: Call to undefined function stripslashed()

Here is my code

<form action="Main_login.php" method="post" name="fromLogin">

     <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
 <tr>
<form name="form1" method="post" action="checklogin.php">
 <td>
 <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
 <tr>
 <td colspan="3"><strong>Member Login </strong></td>
 </tr>
 <tr>
 <td width="78">Username</td>
 <td width="6">:</td>
 <td width="294"><input name="myusername" type="text" id="myusername"></td>
 </tr>
 <tr>
 <td>Password</td>
 <td>:</td>
 <td><input name="mypassword" type="text" id="mypassword"></td>
 </tr>
 <tr>
 <td> </td>
 <td> </td>
 <td><input type="submit" name="Submit" value="Login"></td>
 </tr>
 </table>
<?php 
//user name and password sent from the form
  **$username =$_POST["myusername"];
  $password =$_POST['mypassword'];**


  // To protect Mysqli Injection
  **$myusername = stripslashes(myusername);
  $mypassword= stripslashed(mypassword);**
  $myusername = mysql_real_excape_string(myusername);
  $mypassword = mysql_real_excape_string(password);
  $sql = "select * from $stafftbl where username = '$myusername' and 
  password = '$mypassword'";
  $result = mysql_query($sql);

  //mysqli_num_row is counting table row
    $count= $mysql_num_row($result);
    if($count== 1){
  // register $myusername and $mypassword and redirect to login success.php
    section_register("$myusername");
    section_register("$mypassword");
    header("location:login_success.php");
    }
    else {
     echo "Wrong Username or Password";
    }
  ?>
</form>

Thank you for your time

Well, the unidentified index errors occur because (lines 29 and 30) the post data "myusername" and "mypassword" don't exist. My best guess is that that error only occurs before the form is submitted. Now the third error "Use of unidentified constant myusername" is because on line 34 (and other after that) you just put myusername, I assume you meant to use the variable so it would be $myusername.

As for the last error on line 35 you have a typo stripslashed should be stripslashes, hope this helps.

Member Avatar for LastMitch

I am not sure why I keep getting the error message below(Pleae see the Asterisks )

@alobi

Adding what NardCake mention also create a isset() function

You need to used isset() function to see whether it exist.

if(isset($_POST["myusername"]) && isset($_POST['mypassword'])){  
  $username =$_POST["myusername"];
  $password =$_POST['mypassword'];
}    

Oh yes, I forgot to mention the isset, nice catch Mitch!

and also put your php code above html.

What is the section_register() function you use there? Is this a typo? Did you mean to use the session_register() function, or is this a custom function?

If this was meant to be the session_register function, then please note that that function is very outdated and should not be used. (See the examples in the doc entry I linked to.)

You need to used isset() function to see whether it exist.

You can also, in some cases, use the empty() function. Like the isset() funciton, it checks if an element or variable exists, but in addition to that, it checks if it has a "falsy" value; a value that evaluates to false, like a null, an empty string or an empty array. - It can be very useful at times.

and also put your php code above html.

Just to elaborate on this point. The header() call on line 48 attempts to modify the headers of the HTTP response, which can not happen once you start adding content to the body of the response. - Simply put, you can not use the header() function once you start printing things, whether that be inside PHP blocks using echo, or as part of output that exists outside PHP blocks. So the HTML above the PHP block would cause your header() call to fail. Moving the PHP code above the HTML would solve this issue.

That is not to say PHP code must always be above HTML. PHP is always executed long before the HTML is rendered, so in most cases it dosen't really matter. It only matters if the PHP execution affects what HTML is printed, or if printing the HTML affects the PHP execution, like in this case.

I have made all the changes

but I am still getting one error message on line 36
**Fatal error: Call to undefined function mysqli_real_excape_string() in C:\xampp\htdocs\tivoliHotel\main_login.php on line 36
**
al

There is a big difference between mysqli_real_excape_string and mysql_real_excape_string. (Notice the extra i in the first one.)

You aren't using MySQLi (Improved MySQL extension), but rather the old MySQL API extension, so you should be using the one without the extra i.

And on that note, you really should be moving away from the old MySQL API functions, and start using either MySQLi or PDO. Those old functions are deprecated and not recommended for new code.

Just to add to the above, there's a typo in your function. It's mysqli_real_escape_string, not mysqli_real_excape_string (yours has an "x" instead of an "s").

commented: Nice catch. Totally missed that :) +8

You also have another _POST to collect, I don't think it's required, not by a long way, but I usually chck it anyway. Your submit button has the following name: name="Submit" so you can add it to your form processors prereqs:

    if(isset($_POST["myusername"]) && isset($_POST['mypassword']) && isset($_POST['Submit'])){  
      $username =$_POST["myusername"];
      $password =$_POST['mypassword'];
    }   

Actually... why on earth do I do that? -.-"

I usually advice against testing the submit button. For one, who cares if the submit button was sent? Unless there are multiple buttons and you need to see which was clicked, it has no meaningful value. What you should always be checking is the data, not the button.

On top of that, in the past, some browsers (old versions of IE, notably) failed to send along the submit button when it wasn't physically pressed; when the form was submitted by JS or by clicking the Enter button while one of the other inputs had focus. If your code depended on the Submit button being sent with the form, that would prevent it being processed, even though all the data was present.

As I said..

Actually... why on earth do I do that? -.-"

:D

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.