What does the PHP error message "Notice: Use of undefined constant" mean?

PHP is writing this error in the logs: "Notice: Use of undefined constant".

Error in logs:

PHP Notice:  Use of undefined constant department - assumed 'department' (line 5)
PHP Notice:  Use of undefined constant name - assumed 'name' (line 6)
PHP Notice:  Use of undefined constant email - assumed 'email' (line 7)
PHP Notice:  Use of undefined constant message - assumed 'message' (line 8)

Relevant lines of code:

$department = mysql_real_escape_string($_POST[department]);
$name = mysql_real_escape_string($_POST[name]);
$email = mysql_real_escape_string($_POST[email]);
$message = mysql_real_escape_string($_POST[message]);

What does it mean and why am I seeing it?

Solution:

You should quote your array keys:

$department = mysql_real_escape_string($_POST['department']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$message = mysql_real_escape_string($_POST['message']);

As is, it was looking for constants called department, name, email, message, etc. When it doesn't find such a constant, PHP (bizarrely) interprets it as a string ('department', etc). Obviously, this can easily break if you do defined such a constant later (though it's bad style to have lower-case constants).

Solution:

The error message is due to the unfortunate fact that PHP will implicitly declare an unknown token as a constant string of the same name.

That is, it's trying to interpret this (note the missing quote marks):

{-code-1}

The only valid way this would be valid syntax in PHP is if there was previously a constant {-code-2} defined. So sadly, rather than dying with a Fatal error at this point, it issues this Notice and acts as though a constant had been defined with the same name and value:

// Implicit declaration of constant called {-code-2} with value '{-code-2}'
define('{-code-2}', '{-code-2}');  

There are various ways you can get this error message, but they all have the same root cause - a token that could be a constant.

Strings missing quotes: {-code-4}

This is what the problem is in your case, and it's because you've got string array keys that haven't been quoted. Fixing the string keys will fix the bug:

Change:

{-code-8}{-code-2} = mysql_real_escape_string({-code-1});
...(etc)...

To:

{-code-8}{-code-2} = mysql_real_escape_string({-code-8}_POST['{-code-2}']);
...(etc)...

Variable missing dollar sign: {-code-7}

Another reason you might see this error message is if you leave off the {-code-8} from a variable, or {-code-8}this-> from a member. Eg, either of the following would cause a similar error message:

my_local;   // should be {-code-8}my_local
my_member;  // should be {-code-8}this->my_member

Invalid character in variable name: {-code-8}bad-variable-name

A similar but more subtle issue can result if you try to use a disallowed character in a variable name - a hyphen (-) instead of an underscore _ would be a common case.

For example, this is OK, since underscores are allowed in variable names:

if (123 === {-code-8}my_var) {
  do_something();
}

But this isn't:

if (123 === {-code-8}my-var) {
  do_something();
}

It'll be interpreted the same as this:

if (123 === {-code-8}my - var) {  // variable {-code-8}my minus constant 'var'
  do_something();
}

Referring to a class constant without specifying the class scope

In order to refer to a class constant you need to specify the class scope with ::, if you miss this off PHP will think you're talking about a global define().

Eg:

class MyClass {
  const MY_CONST = 123;

  public function my_method() {
    return self::MY_CONST;  // This is fine
  }


  public function my_method() {
    return MyClass::MY_CONST;  // This is fine
  }

  public function my_bad_method() {
    return MY_CONST;  // BUG - need to specify class scope
  }
}

Using a constant that's not defined in this version of PHP, or is defined in an extension that's not installed

There are some system-defined constants that only exist in newer versions of PHP, for example the mode option constants for such as PHP_ROUND_HALF_DOWN only exist in PHP 5.3 or later.

{-code-8}rounded = round({-code-8}my_var, 0, PHP_ROUND_HALF_DOWN);

$_array[text] = $_var;

$_array["text"] = $_var;

<?php

$department = $_POST['department'];

?>

<?php 
  ${test}="test information";
  echo $test;
?>

$department = mysql_real_escape_string($_POST['department']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$message = mysql_real_escape_string($_POST['message']); 

$department = mysql_real_escape_string($_POST["department"]);
$name = mysql_real_escape_string($_POST["name"]);
$email = mysql_real_escape_string($_POST["email"]);
$message = mysql_real_escape_string($_POST["message"]);

define('MYSQL_BOTH',MYSQLI_BOTH);
define('MYSQL_NUM',MYSQLI_NUM);
define('MYSQL_ASSOC',MYSQLI_ASSOC);