PHP - "Notice: Undefined variable"

Question

PHP - "Notice: Undefined variable"

Asked 4 years, 4 months ago

Viewed 233 times

-3

I am implementing a code written in PHP 5 for PHP 7, however, I am receiving this warning (it is a form), when filled in the notice somem, and are normal.

Code:

<?php function base64($string)
{
    $output = false;
    $encrypt_method = ('AES-256-CBC');
    $secret_key = ('altere-a-chave');
    $secret_iv = ('altere-a-chave');
    $key = hash(('sha256') , $secret_key);
    $iv = substr(hash(('sha256') , $secret_iv) , 0, 16);
    $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
    $output = ($output);
    return $output;
}
if (empty($_POST))
{
    echo ('<style>#preview{display:none !important;}</style>');
}
else
{
    echo ('<style>#preview{display:block !important;}</style>');
}
if (empty($_POST))
{
    $buttonStatus = ('Start Encrypt');
    $buttonColor = ('#656565');
}
else
{
    $buttonStatus = ('Encrypted');
    $buttonColor = ('#337ab7');
}
if (!empty($_POST))
{
    extract($_POST);
    // <!-- Qltys -->
    $EncodeAuto = ($_POST[('Auto') ]);
    $EncodeFull = ($_POST[('FullHD') ]);
    $EncodeHD = ($_POST[('HD') ]);
    $EncodeSD = ($_POST[('M_SD') ]);
    $EncodeLOW = ($_POST[('LOW') ]);
    // <!-- Infos -->
    $EncodeTitle = ($_POST[('title') ]);
    $EncodeDesc = ($_POST[('description') ]);
    $EncodeImage = ($_POST[('background') ]);
    $EncodeCC = ($_POST[('captions') ]);
    $EncodeLogo = ($CONFIG[('SiteLogo') ]);
}

if (!isset($_SERVER[('HTTPS') ]))
{
    $dominio = ('http://') . $_SERVER[('SERVER_NAME') ] . ('/');
    $protoStatus = ('Seu protocolo e HTTP (SSL Desativado)');
}
else
{
    $dominio = ('https://') . $_SERVER[('SERVER_NAME') ] . ('/');
    $protoStatus = ('Seu protocolo e HTTPS (SSL Ativado)');
}

$jw7 = $dominio . ('admin/encrypt/jw7.php?auto=') . $EncodeAuto . ('&fullhd=') . $EncodeFull . ('&hd=') . $EncodeHD . ('&m_sd=') . $EncodeSD . ('&low=') . $EncodeLOW . ('&title=') . $EncodeTitle . ('&desc=') . $EncodeDesc . ('&background=') . $EncodeImage . ('&captions=') . $EncodeCC . ('&logo=') . $EncodeLogo;
$jw8 = $dominio . ('admin/encrypt/jw8.php?auto=') . $EncodeAuto . ('&fullhd=') . $EncodeFull . ('&hd=') . $EncodeHD . ('&m_sd=') . $EncodeSD . ('&low=') . $EncodeLOW . ('&title=') . $EncodeTitle . ('&desc=') . $EncodeDesc . ('&background=') . $EncodeImage . ('&captions=') . $EncodeCC . ('&logo=') . $EncodeLogo;
$iframejw8 = $dominio . ('embed.php?id=') . ($jw8);
$iframejw7 = $dominio . ('embed.php?id=') . ($jw7);
?>

You need to check that every value you are receiving is even being passed. Something like if (isset($_POST['parametro'])) { .... (And why all the parentheses in this code! No need to put the strings in parentheses!)

– bfavaretto

2020/07/19 at 03:59
A shortcut - which in this specific use case I consider valid - is simply to delete the error "at root" with @. For example: $encodeAuto = @$_POST['Auto'];.

– bfavaretto

2020/07/19 at 04:03
Okay, I’ll try, the parentheses was on account that all code was encrypted in Base64, I decrypted and ended up leaving the parentheses still

– Sofia Uyetaqui

2020/07/19 at 04:04
It worked, I believe that as it is not something that will matter a lot I can leave this way, thank you! : D

– Sofia Uyetaqui

2020/07/19 at 04:11
Suppressing errors is never a valid thing... I suggest solving the real problem (by checking if all the fields exist in the POST to only then try to use these variables. Also, use extract($_POST) is a bad approach, for reasons described here and here.

– Héliton Martins

2020/07/19 at 04:15
Sofia, I recommend reading https://www.php.net/manual/en/language.operators.errorcontrol.php. to understand what you are doing. @Hélitonmartins I know it’s a controversial opinion, but I really think it’s valid to delete the error when accessing $_POST only to assign its value to a variable, as in the example of my comment above. About Extract I am totally in agreement with you.

– bfavaretto

2020/07/19 at 04:33
1

@bfavaretto, I understand the point and I don’t believe @is a crime in itself (although the tendency to become one is very big)... Only in this case, the mistakes are not being triggered by something like $encodeAuto = $_POST['Auto']; (which would generate a Notice: Undefined Index), but by using undeclared variables (which, yes, generates a Notice: undefined variable) on the last lines, when defining $jw7 and $jw8...

– Héliton Martins

2020/07/19 at 05:02
@Hélitonmartins It’s true, I didn’t pay much attention to the code. So, depending on where she put the @ to solve, it may even have been a crime :)

– bfavaretto

2020/07/19 at 05:09

Show 3 more comments

1 answer

Browser other questions tagged php php-7

You are not signed in. Login or sign up in order to post.

by Héliton Martins • **361** points · Answer 1 · 2020-07-19T04:45:27+00:00

This is because you are using variables that you are not sure exist (because you only declare them when the $_POST contains the keys you want, but uses them regardless of whether you have declared or not).

In addition, use extract($_POST) is a bad approach, for reasons described here and here.

That said, I suggest the following Refactoring for your code:

<?php
function base64(string $string) : string
{
    $encrypt_method = ('AES-256-CBC');
    $secret_key = ('altere-a-chave');
    $secret_iv = ('altere-a-chave');
    $key = hash(('sha256'), $secret_key);
    $iv = substr(hash(('sha256'), $secret_iv), 0, 16);
    return openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
}
   
if (empty($_POST) || !isset($_POST['Auto'], $_POST["FullHD"], $_POST["HD"], $_POST["M_SD"], $_POST["LOW"], $_POST["title"], $_POST["description"], $_POST["background"], $_POST["captions"], $_POST["SiteLogo"])) {
    // Bad request...
    echo('<style>#preview{display:none !important;}</style>');
    $buttonStatus = 'Start Encrypt';
    $buttonColor = '#656565';
} else {
    // Good request!
    echo('<style>#preview{display:block !important;}</style>');
    $buttonStatus = 'Encrypted';
    $buttonColor = '#337ab7';
    
    // Get POST data
    $EncodeAuto = $_POST['Auto'];
    $EncodeFull = $_POST["FullHD"];
    $EncodeHD = $_POST["HD"];
    $EncodeSD = $_POST["M_SD"];
    $EncodeLOW = $_POST["LOW"];
    $EncodeTitle = $_POST["title"];
    $EncodeDesc = $_POST["description"];
    $EncodeImage = $_POST["background"];
    $EncodeCC = $_POST["captions"];
    $EncodeLogo = $_POST["SiteLogo"];
    
    // Do whatever you're doing...
    $jw7 = $dominio . 'admin/encrypt/jw7.php?auto=' . $EncodeAuto . '&fullhd=' . $EncodeFull . '&hd=' . $EncodeHD . '&m_sd=' . $EncodeSD . '&low=' . $EncodeLOW . '&title=' . $EncodeTitle . '&desc=' . $EncodeDesc . '&background=' . $EncodeImage . '&captions=' . $EncodeCC . '&logo=' . $EncodeLogo;
    $jw8 = $dominio . 'admin/encrypt/jw8.php?auto=' . $EncodeAuto . '&fullhd=' . $EncodeFull . '&hd=' . $EncodeHD . '&m_sd=' . $EncodeSD . '&low=' . $EncodeLOW . '&title=' . $EncodeTitle . '&desc=' . $EncodeDesc . '&background=' . $EncodeImage . '&captions=' . $EncodeCC . '&logo=' . $EncodeLogo;
    $iframejw8 = $dominio . 'embed.php?id=' . $jw8;
    $iframejw7 = $dominio . 'embed.php?id=' . $jw7;
}

Note that I joined your various ifs by doing the same check in just one if/Else block, removed the dreaded extract() checking whether everything exists in the $_POST and then assigning each one to its variable.