$_POST not working. “Notice: Undefined index: user

2019-04-14 00:32发布

问题:

Possible Duplicate:
PHP: “Notice: Undefined variable” and “Notice: Undefined index”

So, I am currently learning PHP and was reading on a book about the md5 function for passwords, so I decided to give it a try and see how it goes. I also decided to use the POST method rather than the GET, since I saw people saying that it is safer and doesn't let the variables appearing on the URL.

For my testing project I made a very simple form, which follows:

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title></title>
    </head>
    <body>
        <form action="dologin" method="POST">
            <table border="0">
                <tbody>
                    <tr>
                        <td>Username:</td>
                        <td><input type="text" name="username"></td>
                    </tr>
                    <tr>
                        <td>Password:</td>
                        <td><input type="password" name="password"></td>
                    </tr>
                </tbody>
            </table>
            <input type="submit" value="Login">
        </form>
    </body>
</html>

The problem is that when I enter the values on BOTH fields and click "Login" I get the following output on the other PHP file.

Notice: Undefined index: username in C:\xampp\htdocs\md5\home\dologin\index.php on line 11
Username non existent

Here follows the code for the "/dologin/index.php" file

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title></title>
    </head>
    <body>
        <?php
            mysql_connect("localhost", "root") or die(mysql_error());
            mysql_select_db("test") or die(mysql_error());
            $query = "SELECT password FROM users WHERE username='".$_POST['username']."'";
            $result = mysql_query($query);
            $row = mysql_num_rows($result);
            if(isset($row)){
                $password = (mysql_result($result,$row - 1));
                $enteredpassword = md5("w@#$@#".$_GET['password']."^#3f%#^");
                if($password == $enteredpassword){
                    if(!isset($_COOKIE['PHPSESSID'])){
                        session_start();
                    }
                    $_SERVER['LOGIN_STATUS'] = true;
                } else {
                    die("Access denied");
                }    
            } else {
                die("Username non existent");
            }

        ?>
    </body>
</html>

Any help at all on my issue is very much appreciated, thank you for reading.

回答1:

undefined index means that somewhere in the $_POST array, there isn't an index (key) for the key username.

You should be setting your posted values into variables for a more clean solution, and it's a good habit to get into.

If I was having a similar error, I'd do something like this:

$username = $_POST['username']; // you should really do some more logic to see if it's set first
echo $username;

If username didn't turn up, that'd mean I was screwing up somewhere. You can also,

var_dump($_POST);

To see what you're posting. var_dump is really useful as far as debugging. Check it out: var_dump



回答2:

first of all,

be sure that there is a post

if(isset($_POST['username'])) { 
    // check if the username has been set
}

second, and most importantly, sanitize the data, meaning that

$query = "SELECT password FROM users WHERE username='".$_POST['username']."'";

is deadly dangerous, instead use

$query = "SELECT password FROM users WHERE username='".mysql_real_escape_string($_POST['username'])."'";

and please research the subject sql injection



回答3:

You should check if the POST['username'] is defined. Use this above:

$username = "";

if(isset($_POST['username'])){
    $username = $_POST['username'];
}

"SELECT password FROM users WHERE username='".$username."'"