I was doing php forms, and the else statement is only being outputted

Question

here is the code - I don't where the problem is...

My form:

  <form action="process1.php" method="post" >   
    first name : <input type="text" name="first name" value="" />
    password : <input type="password" name="pasword" value= "" />
    <br/>
    <input type="submit" name="submit" value="submit" />
    </form>

process1.php

    <?php
    $users = array("abhishek","alan" ); # was doing to limit the users  
    if (firstname == $users ){
        $firstname = $_post['firstname'];
        $password  = $_post[ 'password'];
        echo "$firstname" . "and". "$password"; 
    }else { 
        echo "access denied";
    } 
     ?>

Even if I type abhishek or alan the output is showing access denied:

Notice: Use of undefined constant firstname -  
assumed 'firstname' in F:\wamp\www\php_sandbox\process1.php on line 9     
access denied

In `firstname == $users`, what is `firstname`? Should that be a string? A variable? — Rocket Hazmat, Sep 22 '16 at 15:23
I'm not sure how the error could be clearer - you're comparing the string "firstname" to an array, since you're referencing an undefined constant. That's never going to match. — iainn, Sep 22 '16 at 15:24
and also You're concatenating vars, so: echo $firstname . " and ".$password; — num8er, Sep 22 '16 at 15:25
**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Sep 22 '16 at 16:47

Neobugu · Answer 1 · 2016-09-22T15:33:55.713

In your form, you named your input 'first name', but in your php, you search it like 'firstname' (spaces).

Also, change $_post to $_POST; and your if clause, you need to add $ to first name, and also declare it.

Form

<form action="process1.php" method="post" >   
    first name : <input type="text" name="firstname" value="" />
    password : <input type="password" name="password" value= "" />
    <br/>
    <input type="submit" name="submit" value="submit" />
</form>

PHP

<?php
$firstname = $_POST['firstname'];
$users = array("abhishek","alan" ); # was doing to limit the users
if (in_array($firstname,$users) )
{
 $password  = $_POST['password'];
 echo "$firstname" . " and ". "$password";
}else {
 echo "access denied";
}
?>

score 0 · Accepted Answer · answered Sep 22 '16 at 15:30

I know I shouldn't be answering this due to such low quality - but it's perhaps helpful to explain to others (again and again and again)

The error Notice: Use of undefined constant firstname - assumed 'firstname' could not really be clearer, firstname is not a variable. You mean $firstname, but you also mean to define it from the POST data before using it.

See line-by-line commentary:

$users = array("abhishek", "alan"); // Creates an array
if (firstname /* "firstname" */ == $users) { // You're comparing a string to an array
    $firstname = $_post['firstname']; // You're defining the variable after you've used it, assuming corrected above
    $password  = $_post[ 'password'];
    echo "$firstname" . "and". "$password"; // Here you're concatenating three strings needlessly
}else { 
    echo "access denied";
}

More valid code is this, explained LbL:

$users = array("abhishek", "alan"); // Define array
$firstname = $_POST['firstname']; // Create $firstname from POSTed data
$password  = $_POST[ 'password']; // Create $password from POSTed data
if (!empty($firstname) && in_array($firstname, $users))
{ // Check if $firstname has a value, and also is IN the array
    echo "$firstname and $password";  // Variables are automatically placed in double quoted strings
} else {
    echo "access denied";
}

You also need to correct the HTML input fields to have correct names:

first name : <input type="text" name="firstname" value="" />
password : <input type="password" name="password" value= "" />

I would suggest reading up a lot more about PHP / programming in general before continuing this, as you'll have a very insecure system very quickly if you build upon this.

I was doing php forms, and the else statement is only being outputted

2 Answers2