php PHP中的未定义变量错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/910457/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Undefined variable error in PHP
提问by Kevin
Notice: Undefined variable: username in C:\xampp\htdocs\test_class.php
on line 20
Notice: Undefined variable: password in C:\xampp\htdocs\test_class.php
on line 20
I get the above error when i use this piece of code for checking down my username and password with my database.
当我使用这段代码通过我的数据库检查我的用户名和密码时,出现上述错误。
<?php
class test_class {
public function __construct() {
}
public function doLogin() {
include("connection.php");
if (isset($_POST['username']))
{
$username= $_POST['username'];
}
if (isset($_POST['password']))
{
$password= $_POST['password'];
}
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_fetch_array(mysql_query($query));
if(!$result)
{
return 'assa';
}else{
return 'assa112121212';
}
}
}
?>
回答by soulmerge
This means, most likely, that your form hasn't been submitted. You should make sure that you only use the variables if they exist. Furthermore, you should never everuse the input from users without validating it. Try the following, for example:
这很可能意味着您的表单尚未提交。您应该确保仅使用存在的变量。此外,您永远不应该在未经验证的情况下使用来自用户的输入。例如,请尝试以下操作:
if (isset($_POST['username']) && isset($_POST['password']))
{
$username= $_POST['username'];
$password= $_POST['password'];
$query = "SELECT *
FROM users
WHERE username = '".mysql_real_escape_string($username)."'
AND password = '".mysql_real_escape_string($password)."'";
$result = mysql_fetch_array(mysql_query($query));
# ...
}
else
{
return NULL;
}
回答by Aiden Bell
This is just a noticethat the variables are being referenced in the query without being in scope.
这只是一个注意,变量在查询中被引用而不在范围内。
Define $username and $password at the top of doLogin() and initialized them to Null or similar. Then check for them later.
在 doLogin() 的顶部定义 $username 和 $password 并将它们初始化为 Null 或类似的。然后稍后检查它们。
You also seem to be executing the query regardless of $username and $password being set. You should do something more like:
无论 $username 和 $password 是否设置,您似乎也在执行查询。你应该做一些更像:
if( isset($_POST['username']) && isset($_POST['password'])){
//create vars, do query
}else{
// Nothing to process
}
Both errors occur on line 20, which I assume is the query string interpolation. The issues here are:
这两个错误都发生在第 20 行,我假设这是查询字符串插值。这里的问题是:
- inconsistent scope/referencing (which sucks in PHP anyway)
- Your ifs need to be a bit more orderly. This error is small, but worse ones will bite you in the bum later if you handle variables like this :)
- 不一致的范围/引用(无论如何在 PHP 中都很糟糕)
- 你的 if 需要更有条理。这个错误很小,但如果你处理这样的变量,更糟糕的错误会在以后咬你:)
Also: escape your variables before dumping them like hot coals into your SQLsee PDO (which I would go for) or mysql_escape_string()
另外:在将变量像热煤一样转储到 SQL 中之前先转义变量,请参阅 PDO(我会选择)或 mysql_escape_string()
good luck!
祝你好运!
回答by Mantichora
One more happy class and bug free :)
又一堂快乐的课,没有错误:)
<?php
class test_class
{
private $post = array();
public function __construct ()
{
}
public function doLogin ()
{
$this->post = $_POST;
include ("connection.php");
if ($this->post['username'] && $this->post['password']) {
$username = $this->post['username'];
$password = $this->post['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_fetch_array(mysql_query($query));
if (! $result) {
return 'assa';
} else {
return 'assa112121212';
}
}
}
}
?>
回答by PatrikAkerstrand
<?php
class test_class {
public function doLogin() {
include("connection.php");
if (isset($_POST['username']) && isset($_POST['password']) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * ".
"FROM users " .
"WHERE username = '$username' ".
" AND password = '$password'";
$result = mysql_fetch_array(mysql_query($query));
if(!$result) {
return 'assa';
} else {
return 'assa112121212';
}
} else {
echo "Missing parameter 'username' and/or 'password'";
}
}
}
Also, you should escape$usernameand $passwordto avoid sql injectionattacks.
回答by garrow
You are also checking the database whether or not a username and password are supplied.
您还要检查数据库是否提供了用户名和密码。
Perhaps something like this;
也许是这样的;
public function doLogin() {
include("connection.php");
$username = (isset($_POST['username'])) ? $_POST['username'] : NULL ;
$password = (isset($_POST['password'])) ? $_POST['password'] : NULL ;
if ( $username !== NULL && $password !== NULL ) {
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_fetch_array(mysql_query($query));
/* auth code here */
} else {
return false; // no u/p provided
}
}
You should also be escaping your inputs before putting them anywhere near your database, either by using mysql_real_escape_stringor PDO (PHP Data Objects)
您还应该在将输入放在数据库附近的任何位置之前转义输入,无论是使用mysql_real_escape_string还是PDO(PHP 数据对象)
回答by helloandre
You're going to want to use error_reporting(E_ALL ^ E_NOTICE); from the page Sam linked to. Notices are really unnecessary, and are like using WALL and WERROR flags with gcc.
您将要使用 error_reporting(E_ALL ^ E_NOTICE); 从山姆链接到的页面。通知实际上是不必要的,就像在 gcc 中使用 WALL 和 WERROR 标志一样。
