Undefine Variable while submitting form

PHP
1

im have been learning php and now im learning connection with database.im trying to create very simple login form connecting database but im getting undefined variable on the code:

<?php include"db.php"; ?>

<?php 
	if(isset($_POST['login'])){
		$username = $_POST['username'];
		$password = $_POST['password'];

		$username = mysqli_real_escape_string($connection, $username);
		$password = mysqli_real_escape_string($connection, $password);

		$query = "SELECT * FROM users WHERE username = '{$username}'";
		$select_user_query = mysqli_query($connection, $query);

		if(!$select_user_query){
			die("Query Failed. " . mysqli_error($connection));
		}

		while($row = mysqli_fetch_assoc($select_user_query)){
			$db_user_id = $row['user_id'];
			$db_username = $row['username'];
			$db_user_password = $row['user_password'];
		}

		if ($username == $db_username && $password == $db_user_password) {
			echo "Login successful";
		}elseif ($username !== $db_username && $password !== $db_user_password) {
			echo"Username and Password didn't match";
		}else{
			echo"Login Failed. Please try again...";
		}

	}
 ?>

but esleif statement is throwing error while submitting form with wrong username and wrong password its throwing error that undefined Variable db_username and undefine Variable db_user_password
if insert it blank or correct username and password its working fine…

Following section is throwing undefined variable error

elseif ($username !== $db_username && $password !== $db_user_password)
2

It doesn’t answer your question, but the first and most important thing is never to save passwords as plain text. You should be using password_hash and password_verify.

Another, since you are still learning PHP is to use PDO rather than mysqli* for accessing the database. A good place to learn PDO is here.

2 Likes
3

It will do. You only create those variables when you retrieve at least one row from the database. At the if() statement where you first compare them to the user input, if the user entered an invalid username, you won’t have created those variables (because your while() loop won’t have run as there were no matching rows), so you’ll get that error message.

One way around it would be to create the variables before you run the query, so they exist whether the query finds a row or not. Just assign them a blank string value.

4

Alternatively, reorder your if.

First if $db_username or $db_user_password is not set, then Login Failed.
ElseIf $db_username or [Hint: You should be checking for OR here, not AND…] $db_user_password dont match, They didnt match,
Else Login was successful.

Because the IF checks the existance of the variables first, if either of them aren’t set, it will not evaluate the other parts of the else/elseif (because it’s found a true path already).
If the code moves to the elseif, then you know the variables exist; it can then safely check if they equal something (or don’t, in this case).
If the code moves to the else, then you know the variables exist, and they both matched, so you’re all good.

5

You are getting the undefined variable errors because you are using a loop to fetch the data, then trying to use non-existent values after the end of the loop.

Don’t use a loop to fetch a single row of data. Just fetch the data directly and test if there is any fetched data. Also, since the query is matching the username, if there is a fetched row of data, you know that the username matched. You don’t need to repeat the test in the php code. Don’t Repeat Yourself (DRY.)

6

Thank for all for helping now im crystal clear…

7

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.