Jump to content

undefined index, please help!

jarv

By jarv
in PHP Coding Help

Recommended Posts

jarv Advanced Member

jarv

Posted
Posted

I am currently working on my edit profile page,

Bell: <input name="bikeBell" type="checkbox" value="yes" <?php if ($record_set['bikeBell'] == 'yes') { echo "checked='checked'"; } ?> />

 

when checkbox is unchecked I get:

 

Notice: Undefined index: bikeBell in D:\wheresmybike.co.uk\wwwroot\editbike.php on line 19

Error: Unknown column 'john' in 'where clause'

SQL: UPDATE `wmb_members` SET rsBikeman=`Focus`, rsBikemod=`Raven`, rsBikeyear=`2008`, rsBikecolor=`Black and whIte`, rsDatetaken=`2009-11-11`, rsLocation=`Ropetackle, shoreham by sea`, rsLocpostcode=`bn`, rsOtherinfo=``, frontSus=`yes`, rearSus=`yes`, rsLocked=``, lockType=``, frontLight=`yes`, rearLight=`yes`, bikeBell=``, bikeBasket=`yes`, bikeBag=`yes` WHERE rsUser =john

Link to comment
https://forums.phpfreaks.com/topic/184878-undefined-index-please-help/
Share on other sites
cags Member

cags

Posted
Posted

For the notice, the message is telling you that $record_set doesn't contain a value by the name of 'bikeBell'.

For the error, the message is telling you that you don't have a column called john (well d'uh), this is because john is a string value and you have not encased it in single quotes ''.

For the SQL you have provided none of the ` are valid. You have used backticks (`) which has a special meaning in MySQL as 'the contents of these backticks is the name of a column'. In your case you want them to be strings so you need to swap them for a single quote (').

jarv Advanced Member

jarv

Posted
  • Author
Posted

ok thanks, changed all that, added a function checkbox_value and still i get:

 

Notice: Undefined index: rearSus in D:\wheresmybike.co.uk\wwwroot\editbike.php on line 17

 

Notice: Undefined index: bikeBasket in D:\wheresmybike.co.uk\wwwroot\editbike.php on line 23

 

Notice: Undefined index: bikeBag in D:\wheresmybike.co.uk\wwwroot\editbike.php on line 24

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''wmb_members' SET rsBikeman='Focus', rsBikemod='Raven', rsBikeyear='2008', rsBik' at line 1

SQL: UPDATE 'wmb_members' SET rsBikeman='Focus', rsBikemod='Raven', rsBikeyear='2008', rsBikecolor='Black and whIte', rsDatetaken='2009-11-11', rsLocation='Ropetackle, shoreham by sea', rsLocpostcode='bn45', rsOtherinfo='', frontSus='yes', rearSus='', rsLocked='', lockType='', frontLight='0', rearLight='0', bikeBell='0', bikeBasket='0', bikeBag='0' WHERE rsUser ='john'

 

my code now:

<?php
include_once('config.php');
function checkbox_value($name) {
    return (isset($_POST[$name]) ? 1 : 0);
}
if(isset($_POST['Update'])){
$rsUser = mysql_real_escape_string(stripslashes($_POST['rsUser']));
$rsBikeman = mysql_real_escape_string(stripslashes($_POST['rsBikeman']));
$rsBikemod = mysql_real_escape_string(stripslashes($_POST['rsBikemod']));
$rsBikeyear = mysql_real_escape_string(stripslashes($_POST['rsBikeyear']));
$rsBikecolor = mysql_real_escape_string(stripslashes($_POST['rsBikecolor']));
$rsDatetaken = mysql_real_escape_string(stripslashes($_POST['rsDatetaken']));
$rsLocation = mysql_real_escape_string(stripslashes($_POST['rsLocation']));
$rsLocpostcode = mysql_real_escape_string(stripslashes($_POST['rsLocpostcode']));
$rsOtherinfo = mysql_real_escape_string(stripslashes($_POST['rsOtherinfo']));
$frontSus = mysql_real_escape_string(stripslashes($_POST['frontSus']));
$rearSus = mysql_real_escape_string(stripslashes($_POST['rearSus']));
$rsLocked = mysql_real_escape_string(stripslashes($_POST['rsLocked']));
$lockType = mysql_real_escape_string(stripslashes($_POST['lockType']));
$frontLight = mysql_real_escape_string(stripslashes(checkbox_value($_POST['frontLight'])));
$rearLight = mysql_real_escape_string(stripslashes(checkbox_value($_POST['rearLight'])));
$bikeBell = mysql_real_escape_string(stripslashes(checkbox_value($_POST['bikeBell'])));
$bikeBasket = mysql_real_escape_string(stripslashes(checkbox_value($_POST['bikeBasket'])));
$bikeBag = mysql_real_escape_string(stripslashes(checkbox_value($_POST['bikeBag'])));


$sql = "UPDATE 'wmb_members' SET rsBikeman='$rsBikeman', rsBikemod='$rsBikemod', rsBikeyear='$rsBikeyear', rsBikecolor='$rsBikecolor', rsDatetaken='$rsDatetaken', rsLocation='$rsLocation', rsLocpostcode='$rsLocpostcode', rsOtherinfo='$rsOtherinfo', frontSus='$frontSus', rearSus='$rearSus', rsLocked='$rsLocked', lockType='$lockType', frontLight='$frontLight', rearLight='$rearLight', bikeBell='$bikeBell', bikeBasket='$bikeBasket', bikeBag='$bikeBag' WHERE rsUser ='".$rsUser."'";

$result = mysql_query($sql) or die('Error: ' . mysql_error() . '<br>SQL: ' . $sql);

header("Location: main.php");
}  
?>

cags Member

cags

Posted
Posted

The error in your SQL syntax is because you have wmb_members encases in single quotes when it's a column name, remove them.

 

The undefine index is caused because the $_POST array doesn't contain a value for those items. If they are checkboxes on the form and they are not checked they will not appear in the $_POST array. I can see how you would think your function would get around this but it won't as you are attempting to pas $_POST['something'] to the function when $_POST['something'] doesn't exist. You could use something as simple as...

 

$bikeBell = isset($_POST['bikeBell']) ? 1 : 0;

 

Since you are providing the values of 1 and 0 (ie they are hardcoded) you know they cannot be injected.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.