Noxin Posted December 14, 2014 Share Posted December 14, 2014 <?php if(isset($_POST['submit'])){ $_user=$_POST['user']; } if(isset($_POST['submit'])){ $password=$_POST['password']; } if ($user&&$password){ $connect = mysql_connect("*******************************Secret Password Stuff****************************") or Die("Could not Connect"); mysql_select_db("users") or Die ("Could not find DB"); } else die ("Data Base Is dead we still have a Problem"); ?> This is the error code: Notice: Undefined variable: user in C:\Users\RoSeAnN\Desktop\Web Designing\server\htdocs\connectionphp.php on line 9Data Base Is dead we still have a Problem And Html... if you need it <html> <form action='connectionphp.php' method='POST' accept-charset='UTF-8'> Username:<input type='text' name='user'> Password:<input type='password' name='password'> <input type='submit' value='Log in'> </form> </html> so what am I not doing wrong here and how can i make it work??? All help is much appreciated Thank you! Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/ Share on other sites More sharing options...
Ch0cu3r Posted December 14, 2014 Share Posted December 14, 2014 You are getting that notice because there is no variable defined called $user. You do have a variable called $_user though Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/#findComment-1499566 Share on other sites More sharing options...
hansford Posted December 14, 2014 Share Posted December 14, 2014 $_user (an underscore at the beginning of a variable name is usually used to indicate the variable is private - like in class visibility) This will come up time and time again, so I might as well say it now - meaning you might as well spend a little time learning it now rather than later - when you have no choice. Best practices for database interactions are to use prepared statements. The code you presented in this regard is deprecated and slated for removal. This means it won't run on newer versions of PHP and it will look like you don't know what your doing if you present code in this manner expecting a paycheck someday. http://php.net/manual/en/mysqli.quickstart.prepared-statements.php <?php // don't let php hide any errors every how humbling it makes you feel error_reporting(E_ALL); ini_set('display_errors', 1); if ( isset($_POST['submit']) ) { if ( isset($_POST['password']) && isset($_POST['user']) ) { $password = trim($_POST['password']); $user = trim($_POST['user']); $con = new mysqli($host, $user, $password, $dbname); if ($con->connect_errno) { die('Connection failed: ' . $con->connect_error); } // do your database stuff here } } Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/#findComment-1499573 Share on other sites More sharing options...
Noxin Posted December 14, 2014 Author Share Posted December 14, 2014 You are getting that notice because there is no variable defined called $user. You do have a variable called $_user though Hahaha thank you lets see if this works now Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/#findComment-1499577 Share on other sites More sharing options...
Noxin Posted December 14, 2014 Author Share Posted December 14, 2014 $_user (an underscore at the beginning of a variable name is usually used to indicate the variable is private - like in class visibility) This will come up time and time again, so I might as well say it now - meaning you might as well spend a little time learning it now rather than later - when you have no choice. Best practices for database interactions are to use prepared statements. The code you presented in this regard is deprecated and slated for removal. This means it won't run on newer versions of PHP and it will look like you don't know what your doing if you present code in this manner expecting a paycheck someday. http://php.net/manual/en/mysqli.quickstart.prepared-statements.php <?php // don't let php hide any errors every how humbling it makes you feel error_reporting(E_ALL); ini_set('display_errors', 1); if ( isset($_POST['submit']) ) { if ( isset($_POST['password']) && isset($_POST['user']) ) { $password = trim($_POST['password']); $user = trim($_POST['user']); $con = new mysqli($host, $user, $password, $dbname); if ($con->connect_errno) { die('Connection failed: ' . $con->connect_error); } // do your database stuff here } } So if what you say is right which I assume it is is the code you present me, the right way to write the document?? Also May I have your permission to use it please! Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/#findComment-1499578 Share on other sites More sharing options...
hansford Posted December 14, 2014 Share Posted December 14, 2014 You can use anything we post on this forum. The important thing is to understand why you are writing the code you write. Regurgitating code without knowing it's purpose will never make you a better programmer. A deeper understanding of what your coding is the key. When you understand something, then you can create something. Copy/paste programming can't help you when you get stuck and actually have to come up with a solution on your own. Never post a question to a forum when you can easily obtain the answer from a simple search. (not referring to your post, but generalizing) Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/#findComment-1499580 Share on other sites More sharing options...
Jacques1 Posted December 15, 2014 Share Posted December 15, 2014 While hansford is right about the deprecation of the old mysql_* functions and the importance of prepared statements, the suggested code has several issues: Hard-coding the PHP error configuration in a script is a bad idea. Sure, during development, it makes sense to display the errors right on the screen. But if you forget to remove this code before the site goes into production, you have a problem, because everybody will see the messages. This may leak critical information to attackers, and of course it's very unprofessional and irritating for legitimate users. Dynamic error settings also have no effect on errors which happen before the script runs (syntax errors, startup errors etc.). A much better solution is to put the error configuration into the global php.ini or a site-specific user.ini or .htaccess file. The same applies to MySQL error messages: Do not just print them on the screen. They're meant for developers and administrators, not the end user. If you want to generate internal error messages, use trigger_error() or throw in exception. In the case of MySQLi, you don't have to manually trigger errors at all, because the MySQLi driver can do that for you. Again, it's very important to understand that your database issues are none of the user's business. They don't administer your server, so all they need to know is that there's some technical issue. Do not trim passwords. In a password, every character counts, so don't change it in any way. If you do an isset() check of input parameters, you also need an else part. Simply doing nothing is the worst possible solution, because both the user and the developer will wonder what the hell is going on. The code connects to the MySQL database system with the user-provided credentials. I'm fairly sure this is not what the OP wants. The credentials surely belong to an application-level user account. Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/#findComment-1499583 Share on other sites More sharing options...
hansford Posted December 15, 2014 Share Posted December 15, 2014 Ok, so my example wasn't perfect. You can choose whether to allow spaces in your passwords or not when users register. Some users like to copy and paste their passwords which sometimes adds a space. Users shouldn't be copy/pasting, but they do. <?php // use error reporting, but only while debugging error_reporting(E_ALL); ini_set('display_errors', 1); if ( isset($_POST['submit']) ) { if ( isset($_POST['password']) && isset($_POST['user']) ) { $password = $_POST['password']; // get password as it is. $user = trim($_POST['user']); $con = new mysqli($host, $dbuser, $dbpass, $dbname); if ($con->connect_errno) { die('Connection failed: ' . $con->connect_error); } // do your database stuff here } else { // redirect back to login screen } } else // redirect or whatever { exit('Direct access to this page is not allowed'); } Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/#findComment-1499622 Share on other sites More sharing options...
Jacques1 Posted December 15, 2014 Share Posted December 15, 2014 (edited) Like I said, in a password, every character is significant. You can't just delete whitespace characters. For example, I generate my passwords randomly, so they may very well include whitespace. If you delete those characters, you actually truncate my password and make I weaker. I understand where you're coming from. But in case of passwords check, fuzziness is a terrible bad idea. You want an exact match, not “The password is kinda-sorta correct, come in”. Some users like to copy and paste their passwords which sometimes adds a space. Users shouldn't be copy/pasting, but they do. What? Why on earth should users not copy and paste their passwords? That's exactly how password managers work. I wonder where this myth comes from. Some websites do in fact prevent pasting the password into the form field, and that's a major PITA for security-oriented users. Edited December 15, 2014 by Jacques1 Quote Link to comment https://forums.phpfreaks.com/topic/293091-line-error/#findComment-1499633 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.