Undefined _POST variables

[Alex1646]

All I did was add cookies to my login system. Now I get this error:

Notice: Undefined index: password in C:\wamp\www\Login\inc\login.php on line 7

And

Notice: Undefined index: user_name in C:\wamp\www\Login\inc\login.php on line 6

Here is my code for the action page:

<?php
$username = mysql_fetch_assoc($_POST['user_name']);
$password = mysql_fetch_assoc($_POST['password']);

$q1 = "
SELECT  FROM login_info WHERE user = '$username'
";
$s1 = mysql_query($q1) or die(mysql_error()); if(mysql_num_rows($s1)===0)
{
echo '<div id="error"> <div id="message"> We cannot seem to find your username.  </div> </div>';	
}
else
{
$r1 = mysql_fetch_assoc($s1);

if($password === $r1['password'])
{
if(isset($_POST['remember']))
{
setcookie('user', $username);
}
else
{
$_SESSION['user'] = $username;
}
echo '<div id="message"> Login Sucssesful </div>';



}
}
?>

Here is line 6&7:

$username = mysql_fetch_assoc($_POST['user_name']);
$password = mysql_fetch_assoc($_POST['password']);

And here is the form.

<form action="?p=login" method="post" >
<label for="user_name"> User Name: </label> 
<input type="text" name="user_name" /> 
<label for="password"> Password: </label>  <br />
<input  type="password" name="password"/> 
<input type="checkbox" name="remember" /> <label style="display:inline;" for='remember'> Remember Me.</label> <br />
<input name="submit" type="submit" value="Submit" /> <input name="reset"  type="reset" value="Reset" />
</form>

 

 

[gizmola]

A notice is not an error.  It is an indication in your case that the code tried to reference a variable that did not exist.  PHP recovers fine from that, and if you set your errorlevel for a production server you probably wouldn't log notices.  They are primarily for your use during development. 

 

It's very obvious why you get the notices when a form is submitted where the user_name or password fields are empty. 

 

However, a bigger issue is your code:

 

$username = mysql_fetch_assoc($_POST['user_name']);
$password = mysql_fetch_assoc($_POST['password']);

 

That is not how mysql works.  You need a query, and if the query returns a result set, then you can fetch it. With mysql_fetch_assoc, you would get an array where the columns are the array keys.  You can't just pass in a string and "fetch" it.  Those function calls will not work.

[Alex1646]

Oh My Gosh.  I am so dumb. I meant to use mysql_real_escape_string().

[fugix]

As gizmola said, mysql_fetch functions are reserved for mysql query outputs. Since you are simply using the variables to select a row from your db and not to insert. A simple

$username = $_POST['username'];

will suffice

[fugix]

I was about ti recommend that you use some form of user data filtering, like mysql_real_escape_string() to prevent SQL injection etc

[gizmola]

You can check to see if a variable is set, with isset(), so if you want that level of completion you can do

 

if (isset($_POST['user_name']) && isset($_POST['user_name'])) {
   $username = mysql_real_escape_string($_POST['user_name']);
  // etc. ...do your form processing.
} else {
  // there's no valid account info to check
}