Alex1646 Posted June 18, 2011 Share Posted June 18, 2011 All I did was add cookies to my login system. Now I get this error: Notice: Undefined index: password in C:\wamp\www\Login\inc\login.php on line 7 And Notice: Undefined index: user_name in C:\wamp\www\Login\inc\login.php on line 6 Here is my code for the action page: <?php $username = mysql_fetch_assoc($_POST['user_name']); $password = mysql_fetch_assoc($_POST['password']); $q1 = " SELECT FROM login_info WHERE user = '$username' "; $s1 = mysql_query($q1) or die(mysql_error()); if(mysql_num_rows($s1)===0) { echo '<div id="error"> <div id="message"> We cannot seem to find your username. </div> </div>'; } else { $r1 = mysql_fetch_assoc($s1); if($password === $r1['password']) { if(isset($_POST['remember'])) { setcookie('user', $username); } else { $_SESSION['user'] = $username; } echo '<div id="message"> Login Sucssesful </div>'; } } ?> Here is line 6&7: $username = mysql_fetch_assoc($_POST['user_name']); $password = mysql_fetch_assoc($_POST['password']); And here is the form. <form action="?p=login" method="post" > <label for="user_name"> User Name: </label> <input type="text" name="user_name" /> <label for="password"> Password: </label> <br /> <input type="password" name="password"/> <input type="checkbox" name="remember" /> <label style="display:inline;" for='remember'> Remember Me.</label> <br /> <input name="submit" type="submit" value="Submit" /> <input name="reset" type="reset" value="Reset" /> </form> Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 18, 2011 Share Posted June 18, 2011 A notice is not an error. It is an indication in your case that the code tried to reference a variable that did not exist. PHP recovers fine from that, and if you set your errorlevel for a production server you probably wouldn't log notices. They are primarily for your use during development. It's very obvious why you get the notices when a form is submitted where the user_name or password fields are empty. However, a bigger issue is your code: $username = mysql_fetch_assoc($_POST['user_name']); $password = mysql_fetch_assoc($_POST['password']); That is not how mysql works. You need a query, and if the query returns a result set, then you can fetch it. With mysql_fetch_assoc, you would get an array where the columns are the array keys. You can't just pass in a string and "fetch" it. Those function calls will not work. Quote Link to comment Share on other sites More sharing options...
Alex1646 Posted June 18, 2011 Author Share Posted June 18, 2011 Oh My Gosh. I am so dumb. I meant to use mysql_real_escape_string(). Quote Link to comment Share on other sites More sharing options...
fugix Posted June 18, 2011 Share Posted June 18, 2011 As gizmola said, mysql_fetch functions are reserved for mysql query outputs. Since you are simply using the variables to select a row from your db and not to insert. A simple $username = $_POST['username']; will suffice Quote Link to comment Share on other sites More sharing options...
fugix Posted June 18, 2011 Share Posted June 18, 2011 I was about ti recommend that you use some form of user data filtering, like mysql_real_escape_string() to prevent SQL injection etc Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 18, 2011 Share Posted June 18, 2011 You can check to see if a variable is set, with isset(), so if you want that level of completion you can do if (isset($_POST['user_name']) && isset($_POST['user_name'])) { $username = mysql_real_escape_string($_POST['user_name']); // etc. ...do your form processing. } else { // there's no valid account info to check } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.