I am newbie learning PHP, and I think my problem is that I can’t pass a variable value from HTML to PHP:
I have one page, called login.php. Here it is its code, along with its HTML code as well:
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$showAlert = false;
$showError = false;
include 'partials/_dbconnect.php';
$username = $_POST["username"];
$password = $_POST["password"];
$cpassword = $_POST["cpassword"];
$exists = false;
if (($password == $cpassword) && $exists == false) {
$sql = "INSERT INTO `snousersinfo` (`username`, `password`, `date`) VALUES ('$username', '$password', current_timestamp())";
$result = mysqli_query($conn, $sql);
if ($result) {
$showAlert = true;
}
else {
$showError = "Passwords don't match";
}
}
}
?>
<html lang="en">
<head>
</head>
<body>
<?php
if ($showAlert) {
echo '<div class="alert alert-success alert-dismissible fade show" role="alert">
<strong>Done!</strong> You account is now created.
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>';}
?>
Here i’m getting problem with the $showAlert. Xamp is giving warning like :-
Warning: Undefined variable $showAlert in C:xampphtdocslogin with phplogin.php on line 38
so iam nit able to run my code with this problem.
If anyone is here to clear my error then please help me out of this.
2
Answers
It appears that you may be experiencing an issue where the
$showAlert
variable is not being set correctly, which is causing problems when checking it in theif ($showAlert)
statement.Based on your code, it seems that the
$showAlert
variable is only set to true inside the conditional block where the query is executed successfully. However, if the condition is not met, the variable remains undefined, resulting in the warning you mentioned.To address this, you can initialize the
$showAlert
variable at the beginning of your code outside theif ($_SERVER["REQUEST_METHOD"] == "POST")
block, and set it to false initially:By doing this, you ensure that
$showAlert
is always defined, even if thePOST
request condition is not satisfied (like when request isGET
). This should help resolve the issue you’re facing.And about MySQL injection, it’s important to take security precautions when working with user inputs. In your code, you’re directly using the
$_POST
values in your SQL query. This approach can potentially expose your application to SQL injection attacks.To mitigate this risk, it’s recommended to use prepared statements or parameterized queries. Prepared statements allow you to separate the SQL logic from the data values, preventing malicious SQL code from being executed.
If you have any further questions or need additional assistance, feel free to ask.
Good luck with your PHP learning!
It seems like you don’t
POST
anything. and you make the variable$showAlert
after something is posted. in the lower part of the code you already try to access the variable while it’s not declared because you didn’t posting anything. I would recommend declaring the$showAlert
variable just above the if-statement with the post-check about like this:$showAlert = false;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
I hope this will help.