Home/ Questions/Q 6234245
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T10:27:00+00:00

I’m getting an undefined variable error for $id variable in lines 15 & 21,

  • 0

I’m getting an undefined variable error for $id variable in lines 15 & 21, could someone please explain why? I can’t see what the problem is. 

<?php
function userIsLoggedIn()
{
    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        if (!isset($_POST['email']) or $_POST['email'] == '' or
            !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }
        $password = md5($_POST['password'] . 'chainfire db');

        if (databaseContainsAuthor($_POST['email'], $password, $id))
        {   
        include 'db.inc.php';
            session_start();
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email'];  
            $_SESSION['password'] = $password;
            $_SESSION['id'] = $id;
            return TRUE;
        }
        else
        {
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            unset($_SESSION['id']);
            $GLOBALS['loginError'] = 'The specified email address or password was incorrect.';
            return FALSE;
        }
    }
    if (isset($_POST['action']) and $_POST['action'] == 'logout')
    {
        session_start();
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        unset($_SESSION['id']);
        header('Location: ' . $_POST['goto']);
        exit();
    }
    session_start();
    if (isset($_SESSION['loggedIn']))
    {
        return databaseContainsAuthor($_SESSION['email'], $_SESSION['password'], $_SESSION['id']);
    }
}
function databaseContainsAuthor($email, $password, $id)
{
    include 'db.inc.php';

    $email = mysqli_real_escape_string($link, $email);
    $password = mysqli_real_escape_string($link, $password);

    $sql = "SELECT COUNT(*) FROM author
            WHERE email='$email' AND password='$password'";
    $result = mysqli_query($link, $sql);

    if (!$result)
    {
        $error = 'Error searching for author.';
        include 'error.html.php';
        exit();
    }
    $row = mysqli_fetch_array($result);

    $sql = "SELECT id FROM author 
            WHERE email='$email'"; 
    $id = mysqli_query($link, $sql);
    if (!$id)
    {
        $error = 'Error searching for id.';
        include 'error.html.php';
        exit();
    }    

    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

The variable $id is defined in databaseContainsAuthor($email, $password, $id), then stored in the $_SESSION['id'] session so naturally $id = mysqli_query($link, $sql); should have passed but it’s not?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    a few things
    the variable $id should be defined (not required but good practice) before you use it

    so for example

    $id = NULL;
if (databaseContainsAuthor($_POST['email'], $password, $id))

    also setting the $id inside the databaseContainsAuthor function doesn’t mean that $id will change outside the scope of that function.

    You could make it global but that is considered bad practice

    also your function databaseContainsAuthor

    contains this code

    if ($row[0] > 0)
{
    return TRUE;
}
else
{
    return FALSE;
}

    which will return TRUE or FALSE. but note that once the code returns a value, none of the code after it will be run

    which means this part might as well be commented out, as it is after the return statement it will never be run

    $sql = "SELECT id FROM author 
            WHERE email='$email'"; 

    $id = mysqli_query($link, $sql);
    if (!$id)
    {
        $error = 'Error searching for id.';
        include 'error.html.php';
        exit();
    }
    • 0