Notice: Undefined index error

[believeinsharing]

I have simple login form which takes input from user, check that with database n goes to the next page for valid user n password.

This is my php code

 

<?php

 

$username =$_POST['txtUsername'];

$pass=$_POST['pass'];

 

$hostname="localhost";

$db_user="root";

$db_password="admin";

$database="myproject";

$db_table="login";

$rowno=1;

global $usertype;

 

$con=mysql_connect($localhost,$db_user,$db_password);

if(!con)

{

die('Error in connection:'.mysql_error());

}

 

mysql_select_db($database,$con);

 

if($_POST['butSubmit']==true)

{

$sql="SELECT * FROM $db_table WHERE username='$username' AND password='$pass'";

$result=mysql_query("SELECT * FROM $db_table WHERE username='$username' AND password='$pass'");

 

$row=mysql_fetch_array($result);

if($rowno = mysql_num_rows($result))

{

session_start();

$_SESSION['name'] = $row[2];

$_SESSION['usertype']=$row[1];

header('Location:contactUs.php');

}

else

{

echo "Try again";

}

 

}

 

?>

 

This code was working fine before, today when I tried run this page its doing all the validation n going to the next page but while loading the login page its showing

 

Notice: Undefined index: txtUsername in C:\webserver\Apache\htdocs\myProject\login.php on line 36

Notice: Undefined index: pass in C:\webserver\Apache\htdocs\myProject\login.php on line 37

Notice: Undefined variable: localhost in C:\webserver\Apache\htdocs\myProject\login.php on line 47

Notice: Use of undefined constant con - assumed 'con' in C:\webserver\Apache\htdocs\myProject\login.php on line 48

Notice: Undefined index: butSubmit in C:\webserver\Apache\htdocs\myProject\login.php on line 55

 

Thanks in advance

 

 

[Mahngiel]

[*] Your [tt]$_POST[tt] parameters have either changed, or the form was not submitted

[*] You have to assign this as a variable

if(!con)   { die('Error in connection:'.mysql_error());   }
// change to
if(! $con) { ... }

[believeinsharing]

@Mahngiel:

Thanks for ur quick reply

I did change if(!con) to if(! $con)

bt no use...

[mrMarcus]

'txtUsername' and 'pass' are not yet set when they're being set to their respective variables.

 

Same thing with trying to test if $_POST['butSubmit'] == true since 'butSubmit' does not yet exist.

 

Change things up a bit by replacing that condition IF statement with:

 

if (isset($_POST['butSubmit'])) {

 

and not defining variables $username and $pass until you've checked that they're set.  This is just standard handling of your incoming data, ESPECIALLY if you're going to be using them within a query.

 

$errors = array();
if (isset($_POST['butSubmit'])) {
if (!isset($_POST['txtUsername']) || empty($_POST['txtUsername'])) {
	$errors['username'] = 'Please enter a valid username';
	// username not set or contains no value; trigger error and do not run query
}
if (!isset($_POST['pass']) || empty($_POST['pass'])) {
	$errors['password'] = 'Please enter your password';
	// username not set or contains no value; trigger error and do not run query
}
if (empty($errors)) {
	// continue with script
	// can now run SQL query as username and password have values
}
else {
	// show errors;
	$i = 1;
	foreach ($errors as $error) {
		echo $i .'. <b>'. $error .'</b><br/>';
		$i++;
	}
}
}

 

Just some sorta pseudo code for you.

 

And you're creating your query twice.  Do this:

 

$sql = "SELECT * FROM $db_table WHERE username='$username' AND password='$pass'";      
$result = mysql_query($sql);

 

And please use mysql_real_escape_string for $username.  And, are you not hashing your passwords in your table?  I sure hope you're not storing plain-text passwords.  You need to use, at least, md5 to hash your passwords.