2

Separately the forms are OK, but combined... not really. The struggle is that I can't access the variable $name from the first if statement in the second.
Error : Undefined variable: name

html:

<form method="POST" enctype="multipart/form-data" id="form1">
Name: <input type="text" name="name"><br>
Pass: <input type="password" name="pass"><br>
<input type="submit" name="submit1" value="Влез">
</form>

<form method="POST" enctype="multipart/form-data" id="form2">
    We need some more information about you<br>
    Please enter your e-mail: <input type="text" name="email"><br>
    Please enter a new Password <input type="password" name="pass1" ><br>
    Please reenter your new password <input type="password" name="pass2"><br>
    <input type="submit" name="submit2" value="Save">
</form>

php:

require('config.php');
?><script type="text/javascript">document.getElementById("form2").style.display="none"; </script><?php
       if(isset($_POST['submit1']))
    {
        $name = mysql_escape_string($_POST['name']);
        $pass = mysql_escape_string($_POST['pass']);
        //check if the username and password are correct
        $check = mysql_query("SELECT * FROM test WHERE name = '$name' AND pass = '$pass'");
        if(mysql_num_rows($check) >= 1)
        {

            ?>
            <script type="text/javascript">
            document.getElementById("form1").style.display="none";
            document.getElementById("form2").style.display="block";
            </script>
            <?php
            exit();
        }
        else echo "<h1><font color='red'> Грешно Име или Парола</font></h1>";
    }



    if(isset($_POST['submit2']))
    {
        $email = mysql_escape_string($_POST['email']);
        $pass1 = mysql_escape_string($_POST['pass1']);
        $pass2 = mysql_escape_string($_POST['pass2']);

        $checkpass = mysql_query("SELECT * FROM test WHERE pass = '$pass1'")or die(mysql_error());


        if($pass1 != $pass2){
            echo "Passwords do not Match";
        }

        elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
            echo "Wrong email format";
        }

        elseif (mysql_num_rows($checkpass)>=1) {
            echo "Password already taken";
        }

        elseif (empty($pass1) || empty($pass2) || empty($email)) {
            echo "Not all fields are filled";
        }

        else
        {
            //put in DB
            mysql_query("UPDATE test SET pass='$pass1' WHERE name='$name'") or die(mysql_error());
            mysql_query("UPDATE test SET email='$email' WHERE name='$name'") or die(mysql_error());

            ?><script type="text/javascript">
            document.getElementById("form1").style.display="none";
            document.getElementById("form2").style.display="none";
            </script><?php
            echo "<h1><font color='green'>Registration successful</font></h1>";
        }
    } 

P.S. Don't mind the JavaScript inside, and no, I can't combine the forms!

  • 3
    Only one form is posted when pressing submit, so it's either `form1` **or** `form2` you get your data from. Can you put all `input` tags in one form? – vonUbisch Jul 06 '15 at 22:15
  • 2
    Not really answering your question, but why would you let a user know if a password has already been taken? That just seems like a major vulnerability. – Cohan Jul 06 '15 at 22:16
  • 1
    mysql_* \ plain txt passwords = lots of bad practices here –  Jul 06 '15 at 22:18
  • 1
    Please avoid using deprecated extensions. The mysql_* function group has been deprecated and is removed in future versions. To avoid issues in the future consider using either [PDO](http://php.net/manual/en/book.pdo.php) or [MySQLi](http://php.net/manual/en/book.mysqli.php) instead. Also consider checking up on SQL-injection attacks/vulnerabilities as your code has severe security issues regarding this. – AnotherGuy Jul 06 '15 at 22:19
  • The password is randomly generated so it is better for me to be text password, but if this is such a struggle I edited it. About the mySQL... yeah, I am considering using mySQLi_ instead (if someone shows me how to change the mySQL into mySQLi it would be great) – Kaloyan Terziev Jul 07 '15 at 07:44

3 Answers

2

The reason you cannot access the $name variable inside your second if statement is due to the form structure. You have two distinct forms and only one of them can be submitted at any time. Your if statements can therefore only handle one of the forms, either submit1 or submit2. The simplest solution could be to combine the two forms and your if statements. You would then need more if statements to check what information has been provided and should be processed.

Bonus

One of your forms has names not in English. It is good practice to write code using the English language as other developers not familiar with your language are to read your code (as we do now). This also helps others if they want to research your implementations on the internet.

I would also recommend checking up on separation of concerns. As of now your code mixes presentation logic and domain logic (the action processing stuff). This may seem overwhelming, but I can assure you that it is an investment you will love in the future.

Happy coding!

AnotherGuy
1

As noted in the comments, you have an issue where only one function will be called, if you want the info from submit1 to be accessible in submit2, then change up your if statements.

if(isset($_POST['submit1']) || isset($_POST['submit2']))
{
    //submit1 code here

    if(isset($_POST['submit2']))
    {
        //submit2 code here
    }
}

This way, submit1 data will run for both submit buttons, and submit2 will be able to make use of the data as needed.

Cohan
0

I tried passing the variable with session_start() like this:

if(isset($_POST['submit1']))
{
    $name = mysql_escape_string($_POST['name']);

    session_start();
    $_SESSION["a"] = $name;

    $pass = mysql_escape_string($_POST['pass']);
    //check if the username and password are correct
    $check = mysql_query("SELECT * FROM test WHERE name = '$name' AND pass = '$pass'");
    if(mysql_num_rows($check) >= 1)
    {

        ?><script type="text/javascript">
        document.getElementById("form1").style.display="none";
        document.getElementById("form2").style.display="block";
        </script><?php
    }
    else echo "<h1><font color='red'> Грешно Име или Парола</font></h1>";
}



if(isset($_POST['submit2']))
{
    session_start();
    $name = $_SESSION["a"];
    $email = mysql_escape_string($_POST['email']);
    $pass1 = mysql_escape_string($_POST['pass1']);
    $pass2 = mysql_escape_string($_POST['pass2']);

    $checkpass = mysql_query("SELECT * FROM test WHERE pass = '$pass1'")or die(mysql_error());


    if($pass1 != $pass2){
        echo "Passwords do not Match";
    }

    elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
        echo "Wrong email format";
    }

    elseif (mysql_num_rows($checkpass)>=1) {
        echo "Password already taken";
    }

    elseif (empty($pass1) || empty($pass2) || empty($email)) {
        echo "Not all fields are filled";
    }

    else
    {
        //put in DB
        mysql_query("UPDATE test SET pass='$pass1' WHERE name='$name'") or die(mysql_error());
        mysql_query("UPDATE test SET email='$email' WHERE name='$name'") or die(mysql_error());

        ?><script type="text/javascript">
        document.getElementById("form1").style.display="none";
        document.getElementById("form2").style.display="none";
        </script><?php
        echo "<h1><font color='green'>Registration successful</font></h1>";
    }
}
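
Added example, not part of any answer above and not the poster's code: the same two-step flow with the username kept server-side in the session only after the credential check passes, prepared statements in place of `mysql_escape_string`, and hashed passwords. It uses PDO (one of the two replacements linked in the comments) against an in-memory SQLite database with a constructed user so it runs offline; the function names, the `auth_name` session key and the sample data are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Table `test` and its columns follow the question; the rest is constructed.
function login(PDO $db, array &$session, string $name, string $pass): bool
{
    // The placeholder binds the value; nothing is spliced into the SQL text.
    $stmt = $db->prepare('SELECT pass FROM test WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($pass, $hash)) {
        return false;
    }
    // Remember the user only after the credentials checked out.
    $session['auth_name'] = $name;
    return true;
}

function completeProfile(PDO $db, array &$session, string $email, string $pass1, string $pass2): string
{
    if (empty($session['auth_name'])) {
        return 'Please log in first';
    }
    if ($email === '' || $pass1 === '' || $pass2 === '') {
        return 'Not all fields are filled';
    }
    if ($pass1 !== $pass2) {
        return 'Passwords do not match';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Wrong email format';
    }
    // One UPDATE keyed on the server-side name; no "password already taken" lookup.
    $stmt = $db->prepare('UPDATE test SET pass = ?, email = ? WHERE name = ?');
    $stmt->execute([password_hash($pass1, PASSWORD_DEFAULT), $email, $session['auth_name']]);
    return 'Registration successful';
}

// Constructed demo data. In a web handler, call session_start() and pass $_SESSION instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (name TEXT PRIMARY KEY, pass TEXT, email TEXT)');
$db->prepare('INSERT INTO test (name, pass) VALUES (?, ?)')
   ->execute(['alice', password_hash('temp-1234', PASSWORD_DEFAULT)]);
$session = [];
var_dump(completeProfile($db, $session, 'a@example.com', 'n3w-pass', 'n3w-pass')); // step 2 before login
var_dump(login($db, $session, "alice'", 'temp-1234'));   // quote in the name is treated as data
var_dump(login($db, $session, 'alice', 'temp-1234'));    // correct temporary password
var_dump(completeProfile($db, $session, 'a@example.com', 'n3w-pass', 'n3w-pass'));
var_dump(login($db, $session, 'alice', 'n3w-pass'));     // new password is stored as a hash
```

For MySQL, change only the DSN passed to `new PDO(...)`; the `pass` column needs room for a `password_hash()` value (the PHP manual recommends 255 characters).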