13 replies to this topic

[Chris.]

When I am using the $_POST method, I get notices that say the variable is undefined so say I have something like:

form;

<form action="process.php" method="POST">
Username:<br />
<input type="text" name="user" /><br /><br />
Password:<br />
<input type="password" name="pass" /><br /><br />
<input type="submit" name="login" value="Login!" />
</form>

process;

<?php
$username = $_POST['user'];
$password = $_POST['pass'];
if(isset($_POST['login'])){
blah blah blah }
?>

Now when I use the $_POST method on my form and process, I get notices that say something like for this it would say "Notice: Undefined variable: $user in blah\process.php" or "Notice: Undefined variable: $pass in blah\process.php" and it won't submit the form properly to set the user as logged in. Can someone tell me why $_POST won't work? Thanks

[Matthew.]

The message in question is just a notice, they can be suppressed (usually the are by default).


Add this as the top line of your script:

error_reporting(E_ALL ^ E_NOTICE);

[Chris.]

i did but it said the variable was undefined so it didn't run the script, so i didn't login

[HaloprO]

Let's make sure you got this right, is this what you're doing?

<?php
	error_reporting(E_ALL ^E_NOTICE);
	$username = $_POST['user'];
	$password = $_POST['pass'];
	if ($_POST['login']) {
		//login here
	}
?>
<form action="process.php" method="POST">
	Username:<br />
	<input type="text" name="user" /><br /><br />
	Password:<br />
	<input type="password" name="pass" /><br /><br />
	<input type="submit" name="login" value="Login!" />
</form>

That should work, don't see why it wouldn't.

[Chris.]

yeah but the form is a different page not all in one. it should still work eh?

[Matthew.]

Well no, what i provided should be at the top of all pages. It may not solve it but meh, notices aren't script ending messages so i thought.

[HaloprO]

Just put the form somewhere else in your page, should work.

[Chris.]

well i got it working just fine, thanks, but what is better $_REQUEST, $_GET, or $_POST??? Tnks

[Matthew.]

$_REQUEST and $_GET are basically the same, most use $_GET, and you cannot compare $_POST and $_GET. They server different purposes.

[Chris.]

they both work the same way though? lol

[Demonslay]

GET (and REQUEST) goes through the URL, so a form would submit like this.

http://site.com/login.php?user=person&pass=randomness

Thus, you can see it is not very safe for very private data, and anyone could access that page fairly easily.

POST, on the other hand, sends the data on an HTTP request, and is a tad safer for such information. It also tends to be cleaner on the URLs, and the script will only use data submitted via a form, thus someone can only access the page/data by using the form.

[Chris.]

i see, so $_POST is better to use?

[rc69]

Sorry, this is a very touchy topic with me, but most of what i'm about to say can be summed up here:
http://php.net/manua....predefined.php

Matthew., on Sep 21 2006, 02:46 PM, said:

$_REQUEST and $_GET are basically the same, most use $_GET, and you cannot compare $_POST and $_GET. They server different purposes.

Wrong. To put what php.net has to say shortly: $_REQUEST = array_merge($_GET, $_POST, $_COOKIE);
$_REQUEST contains the values of all 3 of those superglobals, with the later overwriting the former.
$_GET and $_POST are infinately comparable as they:
1. Are both used in conjunction with forms, and
2. Are both superglobals.

They are a means of allowing the user to communicate with the server, typically through a form, as your average joe doesn't even know what that wierd crap in the url is, or what it does.

When ever i encounter scripts that use $_REQUEST i gag. It is way to variable, the value of it can be from a post, get, or cookie. The only way to tell which value it contains is by checking the variable_order ini setting (which can be changed).
For form info, i prefer to use post since you can enter wierd characters in a form that would have to be urlencoded, then decoded. But for simply switching between pages, or passing a little value on here and there (through a link for instance), get is best.

__________________________________

Now that that's out of the way, if your server is saying the variable is undefined, then you might not be sending the value to the server. It could be a case-sensativity problem, a spelling error, or any number of other things. They only way to tell is to post the code for your form, and for the login.

Edited by rc69, 22 September 2006 - 12:35 PM.

[Chris.]

well it wasen't a login it is an install file, i was using the login as an example because it woould have taken longer to post the problem using the install file. but i figured out what was wrong. the name of the forms was one number different than what i put in the post actions. the form names were like
"dbhost1, dbname1, dbuser1, dbpass1" and the $_POST's were "dbhost, dbname, dbuser, dbpass" and i didn't catch that for quite sometime. But I got all the kinks worked out. thanks P2L!