0

I'm a newbie with PHP and I have an issue with my PHP form validation, which returns this error if the username and the password are not defined.

Notice: Undefined variable: username in D:\hpsp\controller\loginvalidation.inc.php on line 64

I use 2 functions (usernameValidation & passwordValidation) to check if the $_POST inputs are correct or not, but I don't know what the correct script is and where I have to put it. Thank you in advance.

```php
<?php
session_start();
require_once('../model/pdo.inc.php');

// function for checking the username validation (not empty & Regex)
function usernameValidation($username) // Username as parameter
{
    if ( !empty($_POST['username']) )
    {
        $username = strtolower(htmlspecialchars($_POST['username'])); // username will be transformed to lowercase before regex matching

        if ( preg_match('#^[a-z0-9\.]{5,20}$#', $username) ) // 5 <= username length <= 20 in lowercase characters to be valid
        {
            return true; // return true when the username is valid
        }
        else
        {
            echo "Invalid username, please re-try";
        }
    }
    else
    {
        echo "Enter your username";
    }
}

// function for checking the password validation (not empty & Regex)
function passwordValidation($password) // Password as parameter
{
    if ( !empty($_POST['password']) )
    {
        $password = htmlspecialchars($_POST['password']); // Protect the password

        if ( preg_match('#^[a-zA-Z0-9\.-_@$()]{6,10}$#', $password) ) // 6 <= password length <= 10 characters to be valid
        {
            return true; // return true when password is valid
        }
        else
        {
            echo "Invalid password, please re-try";
        }
    }
    else
    {
        echo "Enter your password";
    }
}

if ( usernameValidation($username) == true AND passwordValidation($password) == true )
{
    // PDO Query (SELECT ...)
}
```
  • To make your parameter optional, you need to write it like this: `functionName($var='default')` – Raphaël Gonçalves Apr 08 '15 at 13:57
  • `$username` Where do you have this variable defined in your script? :) – Rizier123 Apr 08 '15 at 13:57
  • Try to echo `$_POST['username']` and check whether it has some value or not. – Alive to die - Anant Apr 08 '15 at 13:58
  • You are initializing $username in usernameValidation. Because this is a function, the $username variable can't be called upon outside of that function. You will need to define $username outside of the function usernameValidation() to make it work. – Lost F. Apr 08 '15 at 13:58
  • Use `if ( usernameValidation($_POST['username']) == true AND passwordValidation($_POST['password']) == true )` – Saty Apr 08 '15 at 14:00
  • In your case both functions must not have any param in them: usernameValidation($username) > usernameValidation(). You catch data directly from POST, which is wrong, but you have to think about how to change it. – Svetoslav Apr 08 '15 at 14:00

5 Answers

0

Define your functions without arguments

```php
function usernameValidation(){ ... }
```

and call it

```php
if ( usernameValidation() == true AND passwordValidation() == true )
```
rangelovg
0
```php
<?php
session_start();
require_once('../model/pdo.inc.php');

// function for checking the username validation (not empty & Regex)
function usernameValidation($username) // Username as parameter
{
    if ( !empty($_POST['username']) )
    {
        $username = strtolower(htmlspecialchars($_POST['username'])); // username will be transformed to lowercase before regex matching

        if ( preg_match('#^[a-z0-9\.]{5,20}$#', $username) ) // 5 <= username length <= 20 in lowercase characters to be valid
        {
            return true; // return true when the username is valid
        }
        else
        {
            echo "Invalid username, please re-try";
        }
    }
    else
    {
        echo "Enter your username";
    }
}

// function for checking the password validation (not empty & Regex)
function passwordValidation($password) // Password as parameter
{
    if ( !empty($_POST['password']) )
    {
        $password = htmlspecialchars($_POST['password']); // Protect the password

        if ( preg_match('#^[a-zA-Z0-9\.-_@$()]{6,10}$#', $password) ) // 6 <= password length <= 10 characters to be valid
        {
            return true; // return true when password is valid
        }
        else
        {
            echo "Invalid password, please re-try";
        }
    }
    else
    {
        echo "Enter your password";
    }
}

$username = $_POST['username'];
$password = $_POST['password'];

if ( usernameValidation($username) == true AND passwordValidation($password) == true )
{
    // PDO Query (SELECT ...)
}
```
Amitesh Yadav
0

Change your last if condition to the code below:

```php
if ( usernameValidation($_POST['username']) == true AND passwordValidation($_POST['password']) == true )
{

}
```

In your functions only use the variables $username and $password and not(!) $_POST['username'] and $_POST['password']

Arlind Hajredinaj
0

I would do something like this (note you never want to echo out individual messages for email and password, to stop hackers gaining information about which is correct):

```php
<?php
session_start();
require_once('../model/pdo.inc.php');

// username and password will contain the posted result or FALSE
$username = usernameValidation();
$password = passwordValidation();
if (!$username OR !$password) {
    echo 'Invalid username or password!';
    die;
}
// PDO Query (SELECT ...)

// function for checking the username validation (not empty & Regex)
function usernameValidation() { // reads the username from $_POST
    if (!empty($_POST['username'])) {
        $username = strtolower(htmlspecialchars($_POST['username'])); // username will be transformed to lowercase before regex matching

        if (preg_match('#^[a-z0-9\.]{5,20}$#', $username)) { // 5 <= username length <= 20 in lowercase characters to be valid
            return $username; // return the username when it is valid
        }
    }
    return FALSE;
}

// function for checking the password validation (not empty & Regex)
function passwordValidation() { // reads the password from $_POST
    if (!empty($_POST['password'])) {
        $password = htmlspecialchars($_POST['password']); // Protect the password

        if (preg_match('#^[a-zA-Z0-9\.-_@$()]{6,10}$#', $password)) { // 6 <= password length <= 10 characters to be valid
            return $password; // return the password when it is valid
        }
    }
    return FALSE;
}
```
naw103
  • You are right naw103, I was focused on giving the user which of the username or password is right, but for security reasons I'll take this note into consideration. – datacatalyst Apr 08 '15 at 18:37
  • Can I ask you a question: why shouldn't I give a parameter to the function? – datacatalyst Apr 08 '15 at 18:53
  • You don't need to pass the username into the function, since you were already getting the data from the POST inside those functions, and hence I saw the function's job as getting the username for you (as well as performing validation etc.) – naw103 Apr 09 '15 at 15:49
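
An added example (not code from any of the answers) that combines the two points raised in this thread: validators that work only on what is passed to them, and a single generic failure message. It assumes PHP 7.1+ with the pdo_sqlite extension; the function names, the `users` table and its `pass_hash` column are hypothetical, and stored hashes are assumed to come from `password_hash()`.

```php
<?php
// Validators take the input array as a parameter (no direct $_POST access),
// print nothing, and return the cleaned value or null.
function validUsername(array $in): ?string
{
    $u = $in['username'] ?? null;          // missing key: no notice
    if (!is_string($u)) { return null; }   // rejects username[]=... arrays
    $u = strtolower($u);
    // D modifier: "$" must be the very end, so a trailing newline fails.
    return preg_match('#^[a-z0-9.]{5,20}$#D', $u) === 1 ? $u : null;
}

function validPassword(array $in): ?string
{
    $p = $in['password'] ?? null;
    if (!is_string($p)) { return null; }
    // No htmlspecialchars(): the value goes to password_verify(), not HTML.
    // The hyphen is last in the class so it is a literal, not a range.
    return preg_match('#^[a-zA-Z0-9._@$()-]{6,10}$#D', $p) === 1 ? $p : null;
}

// Every failure (missing field, bad format, unknown user, wrong password)
// produces the same result, so the caller can show one generic message.
function login(PDO $pdo, array $in): bool
{
    $u = validUsername($in);
    $p = validPassword($in);
    if ($u === null || $p === null) { return false; }
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$u]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($p, $hash);
}

// Constructed demo data: in-memory SQLite, hypothetical "users" schema.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice.01', password_hash('s3cret.pw', PASSWORD_DEFAULT)]);

$cases = [
    [],                                                    // nothing posted
    ['username' => 'alice.01', 'password' => 'wrong.pw'],  // wrong password
    ['username' => 'nobody.x', 'password' => 's3cret.pw'], // unknown user
    ['username' => 'alice.01', 'password' => 's3cret.pw'], // valid login
];
foreach ($cases as $in) {
    echo login($pdo, $in) ? "Logged in\n" : "Invalid username or password!\n";
}
```

In a real controller the call would be `login($pdo, $_POST)`; the first three constructed cases all print the same message and raise no notice.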
0

You defined $username and $password, it is $_POST['username'] and $_POST['password']. And you can also make a function without parameters. By making these changes your problem will be solved.

Rohit Gupta
Sourabh