Undefined index and non object errors on php 4.3.9

Im getting these errors after installing a script on the server. I dont have a choice of where it is hosted so I cannot change the fact that its php4. I didn’t write the script and it works on php5 without errors.

Here is what I am getting:

Notice: Undefined index: loggedInTimecard in /database.php on line 5

Notice: Undefined index: userName in /database.php on line 14

Notice: Undefined index: password in /database.php on line 14

Fatal error: Call to a member function on a non-object in /database.php on line 15

Is this easily fixable or will I have to rewrite the whole dang thing?

Code is below. THANKS!

<?php

  $Conn = mysql_connect('localhost','','',');

if($_COOKIE['loggedInTimecard'] == "1") {
	$sql = "SELECT * FROM users WHERE id ='" . $_COOKIE['idTimeCard'] ."'";
	$result = $Conn->query($sql);
	while($recordSet = $result->fetch_assoc()){
		$adminName = $recordSet['fName'] . " " . $recordSet['lName'];
		$signature = $recordSet['signature'];
		$userId = $recordSet['id'];
	}
	}else{
	$sql = "SELECT * FROM users WHERE userName ='" . $_POST['userName'] ."' AND password ='" . md5($_POST['password']) ."'";
	$result = $Conn->query($sql);

	if($result->num_rows > 0){
	while($recordSet = $result->fetch_assoc()){
		if($recordSet['fName'] != ""){
		$adminName = $recordSet['fName'] . " " . $recordSet['lName'];
		$signature = $recordSet['signature'];
		$userId = $recordSet['id'];
		setcookie('loggedInTimecard',"1");
		setcookie('idTimeCard',$recordSet['id']);
		}else{

			header("Location: ./login.php");
		}
	}
	}else{

		header("Location: ./login.php");
	}
}


?>

I’ve seen quite a bit of code that simply ignores notice errors. But in this case it’s not too hard to fix them. You can either define them to a default value and then redefine them. Or you can test if they’re set before trying to use them. eg.

$userName = (isset($_POST['userName'])) ? $_POST['userName'] : '';

do other validation stuff and then use it in preferably a prepared statement. The code you posted looks like it doesn’t do much in the way of security.

The fatal error is a more serious error. mysql_connect() returns a resource, and AFAIK it doesn’t have a query method so I don’t know what that’s about.

I don’t know who wrote the script but I’d either ask them about it or find something better.

You could change

$Conn->query($sql);

to

query($sql,$Conn);

to fix that error.

Or you can also just ignore the notices by setting the error reporting level to E_ALL & ~E_NOTICE on top of your script.


error_reporting(E_ALL & ~E_NOTICE);

This will show all errors, except for notices and coding standards warnings.

I am sure this is just a typo, you have missed or there is an extra single quote in the connection line.


$Conn = mysql_connect('localhost','','');

suspicion are you trying to use a database object? The way your code is it seems that way. Did you mean to be using mysqli instead of mysql?

Since this line has been used to connect to mysql,


$Conn = mysql_connect('localhost','','');

So it seems that $Conn is an object of a database class.

mysql_connect is not a class, it is a native PHP function.

Based on the line:

$result = $Conn->query($sql);

I think the OP’s intention was to either use a database class or possibly use the mysqli extension as an object

That’s why i said:

So it seems that $Conn is an object of a database class.

Yes then the OP needs to do something like Stephen already told if OP has the function query() defined somewhere in his library and supposed to use. Otherwise either he should go for mysqli and change the connection and all accordingly or he needs to use mysql_query($sql, $Conn) or something like this.

Thanks for the responses so far. There was a typo in my OP and I copied a line incorrectly so here is the code:

<?php

  $Conn = new mysqli('localhost','****','******','*******');
    
    if($_COOKIE['loggedInTimecard'] == "1") {
	$sql = "SELECT * FROM users WHERE id ='" . $_COOKIE['idTimeCard'] ."'";
	$result = $Conn->query($sql);
	while($recordSet = $result->fetch_assoc()){
		$adminName = $recordSet['fName'] . " " . $recordSet['lName'];
		$signature = $recordSet['signature'];
		$userId = $recordSet['id'];
	}
	}else{
	$sql = "SELECT * FROM users WHERE userName ='" . $_POST['userName'] ."' AND password ='" . md5($_POST['password']) ."'";
	$result = $Conn->query($sql);
	
	if($result->num_rows > 0){
	while($recordSet = $result->fetch_assoc()){
		if($recordSet['fName'] != ""){
		$adminName = $recordSet['fName'] . " " . $recordSet['lName'];
		$signature = $recordSet['signature'];
		$userId = $recordSet['id'];
		setcookie('loggedInTimecard',"1");
		setcookie('idTimeCard',$recordSet['id']);
		}else{
			
			header("Location: ./login.php");
		}
	}
	}else{
		
		header("Location: ./login.php");
	}
}
?><?php

  $Conn = new mysqli('localhost','aarondec_c4c','387345#Asd2','aarondec_c4c');
    
    if($_COOKIE['loggedInTimecard'] == "1") {
	$sql = "SELECT * FROM users WHERE id ='" . $_COOKIE['idTimeCard'] ."'";
	$result = $Conn->query($sql);
	while($recordSet = $result->fetch_assoc()){
		$adminName = $recordSet['fName'] . " " . $recordSet['lName'];
		$signature = $recordSet['signature'];
		$userId = $recordSet['id'];
	}
	}else{
	$sql = "SELECT * FROM users WHERE userName ='" . $_POST['userName'] ."' AND password ='" . md5($_POST['password']) ."'";
	$result = $Conn->query($sql);
	
	if($result->num_rows > 0){
	while($recordSet = $result->fetch_assoc()){
		if($recordSet['fName'] != ""){
		$adminName = $recordSet['fName'] . " " . $recordSet['lName'];
		$signature = $recordSet['signature'];
		$userId = $recordSet['id'];
		setcookie('loggedInTimecard',"1");
		setcookie('idTimeCard',$recordSet['id']);
		}else{
			
			header("Location: ./login.php");
		}
	}
	}else{
		
		header("Location: ./login.php");
	}
}
?>

There was a typo in my OP and I copied a line incorrectly so here is the code:

You are the OP btw :wink:

By OP here you meant:
output ?
original post?
just curious :slight_smile:

While it’s true you can simply turn off the notice errors (perhaps justifiable in production but not development testing IMHO), I still think it’s unwise to use the user supplied input directly in the query without validating and sanitizing it.

Off Topic:

OP in a forum typically means either:
Original Post
or
Original Poster

But like everything, it’s all context.

I meant my Original Post

anyway…

I was able to get the host to upgrade to PHP Version 5.1.6, the orginal server this ran on was PHP Version 5.2.11. It still doesn’t work.

I took the following suggestion:



$Conn->query($sql);

to

query($sql,$Conn);

to fix that error.

And I still received the Call to undefined query(). Why would the first part of this query run to check the user/pass and when it has been validated it tries to run the second and fails?

if($_COOKIE['loggedInTimecard'] == "1") {
    $sql = "SELECT * FROM users WHERE id ='" . $_COOKIE['idTimeCard'] ."'";
    $result = $Conn->query($sql);
    while($recordSet = $result->fetch_assoc()){
        $adminName = $recordSet['fName'] . " " . $recordSet['lName'];
        $signature = $recordSet['signature'];
        $userId = $recordSet['id'];
    }
    }else{
    $sql = "SELECT * FROM users WHERE userName ='" . $_POST['userName'] ."' AND password ='" . md5($_POST['password']) ."'";
    $result = $Conn->query($sql);

I am not awesome at this by an stretch and Im stuck since it was working on another server. I didn’t write this it was given to me to use. Thanks!

On the server where it isn’t working do:

<?php phpinfo(); ?>

Do you see MySQLi listed anywhere there, if you don’t then it’s not installed on the server.

Hi,

Yes it is listed:

mysqli

MysqlI Support	enabled
Client API library version	5.0.82sp1
Client API header version	5.0.62
MYSQLI_SOCKET	/var/lib/mysql/mysql.sock

Directive	Local Value	Master Value
mysqli.default_host	no value	no value
mysqli.default_port	3306	3306
mysqli.default_pw	no value	no value
mysqli.default_socket	no value	no value
mysqli.default_user	no value	no value
mysqli.max_links	Unlimited	Unlimited
mysqli.reconnect	Off	Off

First of all you be sure that you are intentionally using mysqli or not. If yes, then see if that has been installed/enabled in your server or not because it might not be enabled in all the servers. If you are using normal mysql functions then you need to change your code something like this:


$sql = "SELECT * FROM users WHERE id ='" . $_COOKIE['idTimeCard'] ."'";
    $result = mysql_query($sql) or die(mysql_error());
    while($recordSet = mysql_fetch_assoc($result)){
        $adminName = $recordSet['fName'] . " " . $recordSet['lName'];
        $signature = $recordSet['signature'];
        $userId = $recordSet['id'];
    }