0

Im countering sort of a weird problem at this moment. I made a simple login form, it works halfway thru. You can indeed write your name in and such but once you hit the Submit button, I get some " Undefined index: nameX" symbols eventho I have added the variable for it before the function and such.

This is the content of the sql_connection.sql (well part of it you have to see atleast)

/* Registration */
    $nameX = $_POST['name'];

    $query = isRegistered($_POST['name']); //this will check if they are valid or not

    if(isset($_POST['submit'])) {
        if(!empty($_POST['name'])) {
            if($query == true) {
                echo "Welcome back";
            }
        }
        else {
            echo "No accounts found";
        }
    }

function isRegistered($name) {
        global $handler;

        $query = "SELECT ID FROM players WHERE Username= '".$name."'";

        $result = mysqli_query($handler, $query);

        if(mysqli_num_rows($result) != 0) {
            while($row = mysqli_fetch_assoc($result)) {
                return true;
            }
        }
        else {
            return false;
        }
    }

and this is the actual form 

<div id="login">
            <form action="includes/sql_connection.php" method="get">
                First name: <input type="text" name="name"><br>
                <input id="button" type="submit" name="submit" value="Sign-Up">
            </form>
        </div>

The error

Notice: Undefined index: name in C:\wamp\www\php\includes\sql_connection.php on line 101

and the error line (line: 101)

$nameX = $_POST['name'];
None Pro
  • 3
  • 2
  • 1
    You are using GET but looking for form values in POST – John Conde Jul 24 '16 at 01:00
  • Aha thanks ! I overlooked that – None Pro Jul 24 '16 at 01:04
  • 1
    how about a password – Drew Jul 24 '16 at 01:17
  • 1
    Your code is vulnerable to [SQL Injection](http://stackoverflow.com/documentation/php/275/using-a-database/2685/sql-injection-and-prevention#t=201607240136533133613) – Machavity Jul 24 '16 at 01:37
  • Why fetch, the `num_rows` will already tell you if there was a record. – chris85 Jul 24 '16 at 01:44
  • I have a `mysqli` routine you can poach [here](http://stackoverflow.com/a/33665819) . It has a decent stub for a mini schema, a form, registration, login, hashed password, password verify, session, and binding parameters. Rather compressed, but I didn't want to write a book. – Drew Jul 24 '16 at 02:00

1 Answers1

0

A couple of quick observations

Your form triggers a GET request, but your code is looking at POST inputs. You'll never see anything. John Conde pointed that out.

You also have a logic flaw

$nameX = $_POST['name'];    
$query = isRegistered($_POST['name']);

if(isset($_POST['submit'])) {
    if(!empty($_POST['name'])) {

You're using $_POST['name'] first, then checking whether it's non-empty later. You're accessing form inputs first, then checking whether there are any inputs later (with the isset). That will cause your isRegistered to be called with undefined variables when there is no form input. This order should be reversed.

BeetleJuice
  • 39,516
  • 19
  • 105
  • 165