undefined varible

Question

Tivoilos 0 Newbie Poster

14 Years Ago

<?php
require_once("Actions/config.php");
if(isset($_POST['email_address']) && $_POST['password']){

$sql    = "SELECT * FROM $tbl_name WHERE email_address ='$email_address' and password ='$password'";
$result = @mysql_query($sql);
// Mysql_num_row is counting table row
$count  = @mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("email");
session_register("password");
header("Location: http://localhost/Actions/home.php");
}
else 
{

echo "Wrong Username or Password";
}
} 

?>

I get a undefined varible to email_address on line 5
this varible is declared in the form which is on index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>YourRoom-Social Networking Engine</title>
</head>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="login.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Email</td>
<td width="6">:</td>
<td width="294"><input name="email_address" type="text" id="email_address"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="submit"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>

Any ideas why I keep on getting this?

php

3 Contributors
5 Replies
129 Views
12 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by FlashCreations

All 5 Replies

SimonMayer 2 Junior Poster in Training

14 Years Ago

if(isset($_POST['email_address']) && $_POST['password']){

$sql    = "SELECT * FROM $tbl_name WHERE email_address ='$email_address' and password ='$password'";

Have you got anything that says $email_address = $_POST;
And likewise for $password?

Is $tbl_name declared in Actions/config.php?

Also, there is a slight problem with the syntax you are using.
It should be

$sql    = "SELECT * FROM ".$tbl_name." WHERE email_address ='".$email_address."' and password ='".$password."'";

FlashCreations 20 Posting Whiz

14 Years Ago

First off, I would mysql_real_escape() any string you pass to MySQL. Secondly, your problem is once someone logs in, the $_POST for the username and password are no longer passed to the page. You need to set a cookie using $_COOKIE['name']="value" containing the username and password and get the username and password from that instead of $_POST . Please know, this is very weak security. You should not only md5() you passwords, but instead of storing a password in a cookie, use a unique session id.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Tivoilos 0 Newbie Poster · Answer 1 · 2009-08-17T03:47:04+00:00

Ok so I got that fixed thanks for the help. Now I can't login to the home.php it keeps on telling me that my username or password is wrong...I entered the information myself into the database so I know that my email_address an password is correct any reason this could be happening?

<?php
require_once("Actions/config.php");
if(isset($_POST['email_address']) && $_POST['password']){

$email_address = $_POST['email_address'];
$password      = $_POST['password']; 

$sql    = "SELECT * FROM ".$tbl_name." WHERE email_address ='".$email_address."' and password ='".$password."'";
$result = @mysql_query($sql);
// Mysql_num_row is counting table row
$count  = @mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("email");
session_register("password");
header("Location: http://localhost/Actions/home.php");
}
else 
{

echo "Wrong Username or Password";
}
} 

?>

Tivoilos 0 Newbie Poster · Answer 2 · 2009-08-17T05:24:56+00:00

I am using session as of right now if you noticed but I get what your saying so my cookie would be something like this..

$_COOKIE['email_address']=."$email_address".

or would that not be correct?

Also as of right now I am just in testing stages of the site so there is no md5 as of right now. Just trying to get a working login script then will modify it for more security.

FlashCreations 20 Posting Whiz · Answer 3 · 2009-08-17T05:34:02+00:00

I am using session as of right now if you noticed but I get what your saying so my cookie would be something like this..
$_COOKIE['email_address']=."$email_address".
or would that not be correct?
Also as of right now I am just in testing stages of the site so there is no md5 as of right now. Just trying to get a working login script then will modify it for more security.

That would be correct. To get the email you would use $_COOKIE['email'] and you would obtain the password with $_COOKIE['password'] . Your problem is in the home.php script you are getting these values using $_POST . In home.php, you need to use the Cookie method I talked about above.

So that I understand correctly, the PHP code you've given is for login.php. If so, remove the @ before the mysql query function and see what error comes up. It will help to know if the problem is with your query (That is if the problem is with the login.php and not home.php).

undefined varible

Recommended Answers Collapse Answers

All 5 Replies

Recommended Answers