• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
need help Message: Undefined variable

#1
PHP Code:
public function save(){
 
$this->load->helper('date');
 if(
$_SERVER["REQUEST_METHOD"] == "POST"){
 
$data = array(
 
"USERNAME" => $this->input->post("email"),
 
"PASSWORD" => md5($this->input->post("PASSWORD")),
 
"CREATE_DATE" => NOW(),
 
"STATUS" => 1,
 
"USER_TYPE" =>2
 
 
);
 
$query $this->db->insert("user"$data);
 if(
$query){
 
$this->db->where("email"$this->input->post("email"));
 
$q_profile $this->db->query("SELECT id FROM user WHERE USERNAME ='{"mysql_real_escape_string($this->input->post('email')). "}' LIMIT 1");
 foreach (
$q_profile->result() as $p){
 
 
$uid $p->id;
 
 }
 
 
 
$profile = array(
 
"USER_ID" =>$uid,
 
"NAME" => $this->input->post("name"),
 
"LASTNAME" => $this->input->post("lastname")
 );
 
 
$query_profile $this->db->insert("user_profile"$profile);
 if(
$query_profile){
 return 
true;
 }else{
 return 
false;
 }
 }
 
 }
 
 } 
Quote:A PHP Error was encountered

Severity: Notice

Message: Undefined variable: uid

Filename: models/model_register.php

Line Number: 31

Backtrace:

File: D:\AppServ\www\bilbo_ci\application\models\model_register.php
Line: 31
Function: _error_handler

File: D:\AppServ\www\bilbo_ci\application\controllers\page.php
Line: 47
Function: save

File: D:\AppServ\www\bilbo_ci\index.php
Line: 292
Function: require_once
Reply

#2

Hi,

I hope you are just learning and not selling any scripts or programming for money yet, the code you wrote is not safe, it is dangerous actually... but if you are just learning its okay for start, i'm practicing CI for +4 months and still learning security and still don't think i should write for money...

Please read the CodeIgniter's documents before starting to write, the whole point is to use all Framework functions so they can get updated if there are any issues, and also to protect us from mistakes, if you want to just use your own methods, then why use a framework at all?

1. You MD5 a password? and not even salted? please don't... AT THE VERY LEAST use sha256 with a random salt: hash('sha256', $password.$salt) and save salt in database too, even this is not enough but md5 is almost like plain text password today.

2. I noticed the part you use mysql_real_escape_string(), always use "Query Bindings" or CodeIgniter's "Active Record Class" for queries (both are well detailed in documents)

The code you wrote is already deprecated in PHP 5.5 (http://php.net/manual/en/function.mysql-...string.php)

3. Why did you use ` $this->db->where("email", $this->input->post("email")); ` before $q_profile ? i don't see you using it for anything, it's just an additional useless query

And more...


To answer your question, $uid is not defined,
also instead of all that queries you could just use insert_id()

PHP Code:
$query $this->db->insert("user"$data);

if(
$query){
 
$this->db->where("email"$this->input->post("email"));
 
$q_profile $this->db->query("SELECT id FROM user WHERE USERNAME ='{"mysql_real_escape_string($this->input->post('email')). "}' LIMIT 1");
 foreach (
$q_profile->result() as $p){
 
 
$uid $p->id;


simply use:

PHP Code:
$query $this->db->insert("user"$data);

if (
$this->db->affected_rows() < 1)
{
    return 
FALSE;
}

$uid $this->db->insert_id(); 


Please read User Guide first, don't be that lazy...

P.S. Consider using Ion Auth to handle your signup/login/passwords : http://benedmunds.com/ion_auth/
Reply

#3
hello noobie.
I,m new, I try to learning CI, your reply number 3 I forget delete sorry.
thank very much for your help, my problem resolved., I will try another

sorry english my bad.
Reply

#4
You can initialize $uid at the start like this:
$uid = '';
Rolleyes
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.