0

I keep getting the following error Undefined variable: password on line 33 how do I correct this problem? So this error will stop showing.

Here is the php code.

$first_name = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['first_name']))));
$password1 = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($_POST['password1'])));
$password2 = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($_POST['password2'])));




// Check for a password and match against the confirmed password:
if ($password1 == $password2) {
    $sha512 = hash('sha512', $password1);
    $password = mysqli_real_escape_string($mysqli, $sha512);
} else {
    echo '<p class="error">Your password did not match the confirmed password!</p>';
}



//If the table is not found add it to the database
if (mysqli_num_rows($dbc) == 0) {
        $mysqli = mysqli_connect("localhost", "root", "", "sitename");
        $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, password) 
                                     VALUES ('$user_id', '$first_name', '$password')");
}



//If the table is in the database update each field when needed
if ($dbc == TRUE) {
        $dbc = mysqli_query($mysqli,"UPDATE users 
                                     SET first_name = '$first_name', password = '$password' 
                                     WHERE user_id = '$user_id'");

        echo '<p class="changes-saved">Your changes have been saved!</p>';

}
Improve this question
1
  • its WHERE user_id = '$user_id'"); Commented Apr 5, 2010 at 20:03

6 Answers 6

Reset to default
1

There's only one place where a value is assigned to $password

if ($password1 == $password2) {
    $sha512 = hash('sha512', $password1);
    $password = mysqli_real_escape_string($mysqli, $sha512);
}

So, if the condition isn't met there will be no $password. And in that case it doesn't make sense to perform the UPDATE query anyway.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

well then it should display echo '<p class="error">Your password did not match the confirmed password!</p>'; instead of an error.
Initialize $password. Add $password = ''; above it all.
Imo there's a lot to fix. E.g. all that $purifier->purify(htmlentities(strip_tags(...))) stuff, you seriously should reevaluate that, don't just apply any/everything you can throw at those strings in hope something will do the trick. Do something useful instead, e.g. testing if the password is somewhat "strong". Right now a password like "" or "a" is accepted despite all that mumbojumbo. Or that "if the insert fails try an update" part. Your script should really know whether a new user record is created or an existing record is to be updated at this point.
1

At the top define 

$password = '';

then change the DBC check to

if ($dbc == TRUE && $password != ''){
Improve this answer

Comments

0

As you can see, the database insert is done whether the first if() was true or false. If it's false ($password1 and $password2 doesn't match), $password won't be defined.

Improve this answer

Comments

0

If this condition fails:

 if ($password1 == $password2) {

$password will not get defined, raising an error in one of the lines it is used in later.

Improve this answer

Comments

0

You don't raise an ERROR with an ELSE statement on the $password = ...... line so there is clearly an error there and it's not being defined. The top level if statement is fine, but the error is on the $password declaration line. Do you see how that works?

Improve this answer

Comments

0

Instead of retrying the query if the insert fails (presumably because the user_id already exists - you've made that your primary key?), you could use the alternate INSERT INTO ... ON DUPLICATE KEY UPDATE syntax:

INSERT INTO users (user_id, first_name, password) 
VALUES ('$user_id', '$first_name', '$password')
ON DUPLICATE KEY UPDATE
    first_name=VALUES(first_name),
    password=VALUES(password)

On a nitpicky point, your comments say "if the table is not found" and "if the table...". You're not dealing with table creation/modification - you're working with records that are stored in a table.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.