0

Hello, can you look into my code? I have three undefined variables here and I really don't know what to fix.

  1. Notice: Undefined index: Username in Line 70
  2. Notice: Undefined index: password in Line 71
  3. Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in Line 86
<!DOCTYPE HTML>
 <?php
    //Start session
    session_start();    
    //Unset the variables stored in session
    unset($_SESSION['SESS_Username']);
    unset($_SESSION['SESS_Password']);


?>

<html>
<head> 
<title> Ilokandroid Dynamic Web </title>

    <meta name="author" content="jessiemaymasaoay and jaysonpinzon" >
    <meta name="description" content="Student MiniSystem" >
    <meta name="keywords" content="HTML,CSS,XML,Javascript, miniSystem Web Page" />

    <style type="text/css" media="screen">

    body{background: url(assets/images/back1.png) top no-repeat fixed;}

    .upper
    {
        width:800px;height:100px; margin:auto; border: 5px; padding:2px;
    }
    #form 
    {
        width:400px;height:190px; margin:auto; border: 2px solid black; padding:10px;
        text-align: justify; margin-top: 150px;  background:#008080 ; font-size: 16px;
    }
    </style>


</head>

<body>
    <div id="slide"> </div>

    <div id="form">
        <form name="loginform" action="log.php" onsubmit="return validateForm()" method="post">
        <table border="0" align="center" cellpadding="2" cellspacing="5">
              <tr>
                <td colspan="2">
                    <!--the code below is used to display the message of the input validation-->
                     <?php
                        if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) 
                        {
                        echo '<ul class="err">';
                        foreach($_SESSION['ERRMSG_ARR'] as $msg) {
                            echo '<li>',$msg,'</li>'; 
                            }
                        echo '</ul>';
                        unset($_SESSION['ERRMSG_ARR']);
                        }
                    ?>
                </td>
              </tr>
              <tr>
                    <?php

// Grab User submitted information
$email = $_POST["Username"];
$pass = $_POST["password"];

// Connect to the database
$con = mysql_connect("localhost","root","");
// Make sure we connected successfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db("ilokandroid",$con);

$result = mysql_query("SELECT Username, password FROM user WHERE Username = $email");

$row = mysql_fetch_array($result);

if($row["Username"]==$email && $row["password"]==$pass)
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";
?>
                <td width="116"><b> Username : </b> </td>
                <td width="177">
                    <input type="text" name="Username" maxlength="40" />
                </td>
              </tr>
              <tr>
                <td> <b> Password : </b> </td>
                <td><input name="Password" type="password" /></td>
              </tr>
              <tr>
                <td> </td>
                <td width="177"><input name="remember" type="submit" value="Log In" /></td>
              </tr>
            <tr>
                <td  width="177"> Doesn't have an account? </td> <td> <a href="index.php"> Sign Up </a>  </td>
            </tr>
        </table>

        </form>
    </div>

</body>

</html>
Funk Forty Niner
ExistNot
  • Another example of a query subject to an SQL injection. Do not use user input directly in a query (for example $_POST or $_GET). This is a dangerous query, look into using PDO and prepared statements. Standard mysql functions are deprecated. – Devon Apr 04 '14 at 15:53

2 Answers

5

Your query failed because you didn't put quotes around your string value:

$result = mysql_query("SELECT Username, password FROM user WHERE Username = $email");

should be

$result = mysql_query("SELECT Username, password FROM user WHERE Username = '$email'");

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

You are also wide open to SQL injections.

Community
John Conde
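One way to do the lookup with a PDO prepared statement, as the answer and the comment above recommend. This is an added example, not code from the question or the answers; the in-memory SQLite database (standing in for the MySQL `ilokandroid` database so it runs offline), the sample row, the helper names `make_demo_db` and `check_login`, and the use of `password_hash`/`password_verify` are assumptions made for illustration.

```php
<?php
// Added example: the login lookup with a PDO prepared statement.
// Assumption: in-memory SQLite replaces MySQL so the script runs offline;
// for MySQL only the DSN changes ('mysql:host=localhost;dbname=ilokandroid').

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (Username TEXT PRIMARY KEY, password TEXT)');
    // Constructed sample rows; passwords are stored as hashes, not plaintext.
    $ins = $pdo->prepare('INSERT INTO user (Username, password) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);
    $ins->execute(["o'brien", password_hash('pa55', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, array $post): bool
{
    // ?? avoids "Undefined index" when the page is loaded without a POST or
    // when the key's case differs from the form field's name attribute.
    $username = $post['Username'] ?? '';
    $password = $post['Password'] ?? '';
    if (!is_string($username) || !is_string($password) || $username === '') {
        return false;
    }
    // The value is bound as a parameter, so it is never parsed as SQL and
    // a quote inside it cannot end the string literal.
    $stmt = $pdo->prepare('SELECT password FROM user WHERE Username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = make_demo_db();
$cases = [   // constructed inputs
    'valid login'       => ['Username' => 'alice', 'Password' => 's3cret'],
    'wrong password'    => ['Username' => 'alice', 'Password' => 'nope'],
    'quote in username' => ['Username' => "o'brien", 'Password' => 'pa55'],
    'no POST data'      => [],
];
foreach ($cases as $label => $post) {
    $verdict = check_login($pdo, $post) ? 'accepted' : 'rejected';
    printf("%-18s => %s\n", $label, $verdict);
}
```

The `quote in username` case is the input that breaks a query built as `Username = '$email'`; with a bound parameter it is handled like any other string.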
-1

In the query, add quotes around $email.

Username = '$email'

shivanshu patel