By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,253 Members | 1,701 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,253 IT Pros & Developers. It's quick & easy.

Notice: Undefined variable

P: 5
Thank you. I have another problem with Form.
I have this code in my first formpage01.php
Expand|Select|Wrap|Line Numbers
  1. <form method="post" action="hiUser.php">
  2. Please type your name: <input type="text" name="userName" value="" />
  3. <br />
  4. <input type="submit" />
  5. </form>

And here's my code in hiUser.php
Expand|Select|Wrap|Line Numbers
  1. <?php 
  2. print "<h3>Hi there, $userName</h3>";
  3. ?>
The ERROR when I hit the Submit button is:
Notice: Undefined variable: userName in C:\wamp\www\phpPractice\hiUser.php on line 13
Thanks in advance
Mar 23 '10 #1

✓ answered by Atli

This is because you need to use the $_POST or $_GET arrays to read data posted to PHP by a <form>. Which on you should use depends on the "method" attribute of the form.

In your case, you should use $_POST:
Expand|Select|Wrap|Line Numbers
  1. $userName = $_POST['userName'];
  2. print "<h3>Hi there, $userName</h3>";
Also, for future reference, when you print "external" or "unsafe" data -- which is basically everything that is not "hard coded" into your code -- into a HTML page, you should run it through htmlentities before printing it.
Expand|Select|Wrap|Line Numbers
  1. $userName = htmlentities($_POST['userName'], ENT_QUOTES, "ISO-8859-1");
  2. print "<h3>Hi there, $userName</h3>";
(Note that if you use a different charset, like UTF-8, you need to change the third parameter to reflect that.)

P.S.
What you did in your code is possible, using the now obsolete register_globals directive. But that feature has been made deprecated for security reasons and will be removed in future versions of PHP, so it is a bad idea to keep using it.

P.P.S.
I've split this question from your other thread into it's own thread. Please post new questions in new threads.

Share this Question
Share on Google+
4 Replies


Atli
Expert 5K+
P: 5,058
This is because you need to use the $_POST or $_GET arrays to read data posted to PHP by a <form>. Which on you should use depends on the "method" attribute of the form.

In your case, you should use $_POST:
Expand|Select|Wrap|Line Numbers
  1. $userName = $_POST['userName'];
  2. print "<h3>Hi there, $userName</h3>";
Also, for future reference, when you print "external" or "unsafe" data -- which is basically everything that is not "hard coded" into your code -- into a HTML page, you should run it through htmlentities before printing it.
Expand|Select|Wrap|Line Numbers
  1. $userName = htmlentities($_POST['userName'], ENT_QUOTES, "ISO-8859-1");
  2. print "<h3>Hi there, $userName</h3>";
(Note that if you use a different charset, like UTF-8, you need to change the third parameter to reflect that.)

P.S.
What you did in your code is possible, using the now obsolete register_globals directive. But that feature has been made deprecated for security reasons and will be removed in future versions of PHP, so it is a bad idea to keep using it.

P.P.S.
I've split this question from your other thread into it's own thread. Please post new questions in new threads.
Mar 23 '10 #2

P: 5
Thanks for replying. Sorry about the new question. Actually I solved my problem while waiting for an answer. I Googled again and I found out that register_global is probably off so I wrote the following code at the top of my hiUser.php page:
Expand|Select|Wrap|Line Numbers
  1. <?php 
  2. $userName = $_REQUEST["userName"];
  3. ?>
I also tried your suggestion $userName = $_POST['userName']; just now and it worked as well. Which one should I use?

Thanks
Mar 23 '10 #3

Atli
Expert 5K+
P: 5,058
It's generally better to avoid using $_REQUEST. It contains all the values of $_GET, $_POST and $_COOKIE, meaning that if any of them contain elements with the same name, one will overwrite the other.

You will also never be sure where the variable is coming from if you use $_REQUEST. It could be coming from any of the three sources. For example, if you use $_REQUEST in your script, and rather than using the form to post to it you just enter the URL of the "action" page directly, like so:
- http://example.com/action.php?userName=xyz
This will also be considered valid, even tho you didn't go through the form.
Mar 23 '10 #4

P: 5
ok I'll do that.

Thank you very much.
Mar 23 '10 #5

Post your reply

Sign in to post your reply or Sign up for a free account.