Undefined Index at Login (PDO)

Question

I am getting two annoying undefined index lines. I was trying to fix these.

Notice: Undefined index: user in C:\xampp\htdocs\lynnletbo\diarypanel\login.php on line 4 Notice: Undefined index: pass in C:\xampp\htdocs\lynnletbo\diarypanel\login.php on line 5

login.php

<html>
<body>
    <form method = "post" action = "login.php">
    <input type = "text" name = "user" placeholder = "Username" />
    <input type = "password" name = "pass" placeholder = "Password" />
    <input type = "submit" name = "submit" value = "Login" />
    </form>
</body>

The above code is a form where I can login.

Here is the following code that I use to check from Database and login.

<?php
require('../db_connect.php');
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
if(isset($_POST) && $username != '' && $password != '') {
    $sql = $database->prepare("SELECT `user_id`, `user_password` FROM `users` WHERE `user_name` = ?");
    $sql->execute(array($username));
    if ($row = $sql->fetch()){
        $_SESSION['username'] = true;
    }
    else {
        echo "Can't login";
    }
}
?>

Kevin · Accepted Answer · 2017-12-04T06:45:01.403

2

Its simple, just check whether these indices exists in POST before processing the form.

Normally, $_POST values are unpopulated on initial load, so assigning them on load will spew that undefined index error.

<?php

require '../db_connect.php';
session_start();

if (!empty($_POST['user']) && !empty($_POST['pass'])) {

    // then continue
    $username = $_POST['user'];
    $password = $_POST['pass'];
    $sql = $database->prepare("SELECT `user_id`, `user_password` FROM `users` WHERE `user_name` = ?");
    $sql->execute(array($username));
    if ($row = $sql->fetch()) {
        $_SESSION['username'] = true;
        // handle password matching here
    }
    else {
        echo "Can't login";
    }


}

?>

There are some intricacies that goes into this. If you'd like to know those, I suggest visit deceze's article to know more.

edited Dec 04 '17 at 06:45

answered Apr 18 '15 at 10:02

Kevin

41,694
12
53
70

Don't we have enough dupes for this? – Rizier123 Apr 18 '15 at 10:03
Thanks. I should've used empty function before defining a new post variable. – Kaung Myat Lwin Apr 18 '15 at 10:04
@Rizier123 actually i was going to rescind this, but i guess im bored having to find the canonical. i always forget to use our golden hammer lol :D – Kevin Apr 18 '15 at 10:08
@lynnletlwin yes you should always check before proceeding into form processing – Kevin Apr 18 '15 at 10:08
@Ghost But isn't this important especially now in the morning when there is soooo much dupe (crap) questions ?! – Rizier123 Apr 18 '15 at 10:10
@Rizier123 yeah, its like never ending :D – Kevin Apr 18 '15 at 10:18

score -1 · Answer 2 · answered Apr 18 '15 at 09:59

-1

$_POST['pass'] should be $_POST['password'] as same as you named that field

answered Apr 18 '15 at 09:59

wijaya

152
7

OP doesn't have `$_pass` in his code – Rizier123 Apr 18 '15 at 10:01
The field is named "pass", "password" is the type ... – Sirko Apr 18 '15 at 10:01

Undefined Index at Login (PDO)

2 Answers2