{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 仙女界的扛把子 的问题《Undefined index with $_POST [duplicate]》','https://www.manongdao.com/q-1168203.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to relearn some PHP basics for making a simple login script, however I get an error I have not received before(I made the same script a little over a year ago and never had this error. I simplified the code as much as I could to test to see which area was problematic and here is the issue:
<?php
$user = $_POST["username"];
if($user != null)
{
echo $user;
echo " is your username";
}
else
{
echo "no username supplied";
}
?>
Now this code works fine when I send a variable to the script, but when no variable is supplied it spits out an error. In theory this will be fine because if no username/pass is supplied then an error is expected. I will be checking to make sure of this before the code is send to the script, however I fear that somehow a blank string may leak through and spit out some unknown error. Here is the error I get:
( ! ) Notice: Undefined index: username in C:\wamp\www\verify_login.php on line 2
Call Stack
Time Memory Function Location
1 0.0003 668576 {main}( ) ..\verify_login.php:0
no username supplied
as you can see the code registers that no variable was supplied, but it gives out and error that I assume means that a variable was not found were one was expected or something like that. Can someone please clarify this for me?
Related question: What is the best way to access unknown array elements without generating PHP notice?
Using the answer from the question above, you can safely get a value from $_POST without generating PHP notice if the key does not exists.
I know that this is old post but someone can help:
This code above are my basic POST function what I use anywhere. Here you can put filters, regular expressions, etc. Is faster and clean. My advanced POST function is more complicate to accept and check arrays, string type, default values etc. Let's your imagination work here.
You easy can check username like this:
Also I added
$defaultstring that you can define some default value if POST is not active or content not exists.Play with it.
Instead of
isset()you can use something shorter getting errors muted, it is@$_POST['field']. Then, if the field is not set, you'll get no error printed on a page.In PHP, a variable or array element which has never been set is different from one whose value is
null; attempting to access such an unset value is a runtime error.That's what you're running into: the array
$_POSTdoes not have any element at the key"username", so the interpreter aborts your program before it ever gets to the nullity test.Fortunately, you can test for the existence of a variable or array element without actually trying to access it; that's what the special operator
issetdoes:This looks like it will blow up in exactly the same way as your code, when PHP tries to get the value of
$_POST["username"]to pass as an argument to the functionisset(). However,isset()is not really a function at all, but special syntax recognized before the evaluation stage, so the PHP interpreter checks for the existence of the value without actually trying to retrieve it.It's also worth mentioning that as runtime errors go, a missing array element is considered a minor one (assigned the
E_NOTICElevel). If you change theerror_reportinglevel so that notices are ignored, your original code will actually work as written, with the attempted array access returningnull. But that's considered bad practice, especially for production code.Side note: PHP does string interpolation, so the
echostatements in theifblock can be combined into one:Your code assumes the existence of something:
PHP is letting you know that there is no "username" in the
$_POSTarray. In this instance, you would be safer checking to see if the valueisset()before attempting to access it:Alternatively, you could hi-jack the
||operator to assign a default:As long as the user's name isn't a falsy value, you can consider this method pretty reliable. A much safer route to default-assignment would be to use the ternary operator:
Use:
But you probably should be using some more proper validation. Try a simple regex or a rock-solid implementation from Zend Framework or Symfony.
http://framework.zend.com/manual/en/zend.validate.introduction.html
http://symfony.com/doc/current/book/validation.html
Or even the built-in filter extension:
http://php.net/manual/en/function.filter-var.php
Never trust user input, be smart. Don't trust anything. Always make sure what you receive is really what you expect. If it should be a number, make SURE it's a number.
Much improved code:
Sanitization and validation.