CODEWITHSUNDEEP
phpmysql
rumspringa00
rumspringa00

Reputation: 132

Undefined variable?

I'm getting an undefined variable error for $id variable in lines 15 & 21, could someone please explain why? I can't see what the problem is. 

<?php
function userIsLoggedIn()
{
    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        if (!isset($_POST['email']) or $_POST['email'] == '' or
            !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }
        $password = md5($_POST['password'] . 'chainfire db');

        if (databaseContainsAuthor($_POST['email'], $password, $id))
        {   
        include 'db.inc.php';
            session_start();
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email'];  
            $_SESSION['password'] = $password;
            $_SESSION['id'] = $id;
            return TRUE;
        }
        else
        {
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            unset($_SESSION['id']);
            $GLOBALS['loginError'] = 'The specified email address or password was incorrect.';
            return FALSE;
        }
    }
    if (isset($_POST['action']) and $_POST['action'] == 'logout')
    {
        session_start();
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        unset($_SESSION['id']);
        header('Location: ' . $_POST['goto']);
        exit();
    }
    session_start();
    if (isset($_SESSION['loggedIn']))
    {
        return databaseContainsAuthor($_SESSION['email'], $_SESSION['password'], $_SESSION['id']);
    }
}
function databaseContainsAuthor($email, $password, $id)
{
    include 'db.inc.php';

    $email = mysqli_real_escape_string($link, $email);
    $password = mysqli_real_escape_string($link, $password);

    $sql = "SELECT COUNT(*) FROM author
            WHERE email='$email' AND password='$password'";
    $result = mysqli_query($link, $sql);

    if (!$result)
    {
        $error = 'Error searching for author.';
        include 'error.html.php';
        exit();
    }
    $row = mysqli_fetch_array($result);

    $sql = "SELECT id FROM author 
            WHERE email='$email'"; 
    $id = mysqli_query($link, $sql);
    if (!$id)
    {
        $error = 'Error searching for id.';
        include 'error.html.php';
        exit();
    }    

    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

The variable $id is defined in databaseContainsAuthor($email, $password, $id), then stored in the $_SESSION['id'] session so naturally $id = mysqli_query($link, $sql); should have passed but it's not?

Upvotes: 1

Views: 1634

Answers (2)

bumperbox
bumperbox

Reputation: 10214

a few things the variable $id should be defined (not required but good practice) before you use it

so for example

$id = NULL;
if (databaseContainsAuthor($_POST['email'], $password, $id))

also setting the $id inside the databaseContainsAuthor function doesn't mean that $id will change outside the scope of that function.

You could make it global but that is considered bad practice

also your function databaseContainsAuthor

contains this code

if ($row[0] > 0)
{
    return TRUE;
}
else
{
    return FALSE;
}

which will return TRUE or FALSE. but note that once the code returns a value, none of the code after it will be run

which means this part might as well be commented out, as it is after the return statement it will never be run

$sql = "SELECT id FROM author 
            WHERE email='$email'"; 

    $id = mysqli_query($link, $sql);
    if (!$id)
    {
        $error = 'Error searching for id.';
        include 'error.html.php';
        exit();
    }

Upvotes: 1

Edoardo Pirovano
Edoardo Pirovano

Reputation: 8334

Variables changed (or defined) inside a function will not affect the rest of the script. For example:

<?php
function changeVariabe($person) {
    $person = 'Bob';
}
$person = 'Alice';
changeVariable($person);
echo "Hello $person!"; // Outputs: Hello Alice!

This can be avoided by passing the variable by reference, like this:

<?php
function changeVariabe(&$person) {
    $person = 'Bob';
}
$person = 'Alice';
changeVariable($person);
echo "Hello $person!"; // Outputs: Hello Bob!

You can also use global variables, like this:

<?php
function changeVariabe() {
    global $person;
    $person = 'Bob';
}
$person = 'Alice';
changeVariable();
echo "Hello $person!"; // Outputs: Hello Bob!

Upvotes: 2

Related Questions