Blaik Posted November 26, 2011

Okay, I know little to nothing of PHP and SQL, but I understand enough about coding logic to kinda read parts of it. I'm trying to use an open source home inventory tracking program. I loaded it a year ago and never had any issues with it, but never really used it heavily, so I deleted it off that system. I have a new laptop now and wanted to give this program another try. I was able to load it up just fine and everything works like it's supposed to up until I enter the UPC and submit it. I get the proper follow-up screen, but I also get this:

    Notice: Undefined variable: quan1 in C:\xampp\htdocs\addupc.php on line 29

So I look up that PHP doc and line 29 is

    $quan2 = (($quan)+($quan1));

but right above that line is the following:

    while ($all = mysql_fetch_array($contlist)) {
        $quan1 = $all['quant'];
        $upc1 = $all['upc'];
        $brand = $all['brand'];
        $descrip = $all['descrip'];
        $size = $all['size'];
        $flavor = $all['flavor'];
        $cat = $all['cat'];
    }

Which looks like (to me) defines quan1, but again I point out my lack of intricate understanding. Because it gives the proper screen even with the Notice, I have tried to go ahead and enter the information and then attempt to add it to the database and I receive the following:

    Notice: Undefined index: quan in C:\xampp\htdocs\addnewprocess.php on line 6
    <Actual UPC code>
    Notice: Undefined variable: quan1 in C:\xampp\htdocs\addnewprocess.php on line 32
    Updated <Actual Description>
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's', 'Pork n Beans', '16 oz', 'Pork n Beans', 'Canned Veget' at line 2

It looks like it updated, so I used the report function to check it, but it comes back empty. Oddly enough, if I don't enter ANY or any valid info (using 'test' in all fields) it does update, although it gives the same notices listed above.

I think it's an issue with the code, but I don't know where. I thought maybe it was the browser (Chrome) at first. I tried it on IE and Firefox and got the same results. I also tried using it with older versions of XAMPP and XAMPP Lite. The loading process and all the files can be found at cheaphomesteading.com if anyone wants to load it up and see how it works for them. I don't know whether the code has been updated recently or not, but I'm pretty sure it hasn't been. So can anyone offer advice as to why it's not working properly for me? Are there any modifications that I can make to get it to run better?

Psycho Posted November 26, 2011

Depending upon the level of error reporting some errors/warnings may be displayed while others are not. For example, if you try to reference a variable that has not been set, PHP may just assume a value of '0' and not display the warning. It looks like the error reporting level on your current machine is higher than the previous one you used. Basically, the person who coded the app did so with either little knowledge about these problems (because he had a low threshold for error reporting) or coded it with the intent of having a low error reporting level so he could be lazy in his coding.

You could try and adjust the error reporting in your php.ini file. Or, better yet, notify the author of the problem. There is a support link on the URL you provided.

Blaik Posted November 26, 2011

> Depending upon the level of error reporting some errors/warnings may be displayed while others are not. For example, if you try to reference a variable that has not been set, PHP may just assume a value of '0' and not display the warning. It looks like the error reporting level on your current machine is higher than the previous one you used. Basically, the person who coded the app did so with either little knowledge about these problems (because he had a low threshold for error reporting) or coded it with the intent of having a low error reporting level so he could be lazy in his coding. You could try and adjust the error reporting in your PHP.ini file. Or, better yet, notify the author of the problem. There is a support link on the url you provided.

I have notified him, but based on the frequency of his responses, it's likely going to be some time before he gets around to responding. Which is why I came here, in hopes that someone else may be able to look at it and see what I can't. I will try adjusting the level of error reporting and see if anything additional is displayed.

Blaik Posted November 26, 2011

Additional info. Part of the problem I've found. This may be PHP/SQL basics, but this program won't accept apostrophes. So now I can get it to take the UPCs and the input. But I'm still getting those notices about undefined variables, not sure if it's going to affect anything long term.

Psycho Posted November 26, 2011

If the application " . . . won't accept apostrophes," then I suspect that he is not properly escaping the input prior to using it in a query. So, the queries are likely failing. You would have to go through the files to find anywhere a variable is used in a query and make sure that mysql_real_escape_string() is used on the variable before being used in a query.

Blaik Posted November 26, 2011

> If the application " . . . won't accept apostrophes." Then, I suspect that he is not properly escaping the input prior to using them in a query. So, the queries are likely failing. You would have to go through the files to find anywhere a variable is used in a query and make sure that mysql_real_escape_string() is used on the variable before being used in a query.

Okay, that gives me somewhere to move forward from. My guess is it will involve the following line:

    $sql = mysql_query("UPDATE inven SET quant=(('$quan1')+('$_POST[quan]')) WHERE upc='$_POST[upc]'");

and I will need to insert the real escape in relation to that, but I could be completely wrong (although the two .php files I know are involved neither contain any escapes). Either way, I'm going to need to do a lot more studying to understand the code enough to know where the escape is needed. But again that gives me something to look at or use as a point of reference for this one. Thanks a ton!
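
The escaping problem and the undefined quan1/quan notices discussed in this thread, as an added example that is not part of the thread or of the inventory program's own code. It uses PDO prepared statements in place of mysql_real_escape_string() (the mysql_* functions were removed in PHP 7); the in-memory SQLite database, the cut-down inven table, the function names and the sample input are assumptions made so it runs offline.

```php
<?php
// Added example: constructed table and sample values, not the project's code.
// Assumption: PDO with in-memory SQLite stands in for the app's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE inven (upc TEXT PRIMARY KEY, quant INTEGER, descrip TEXT)");

// Constructed form input; an apostrophe like this is what breaks the INSERT.
$post = ['upc' => '000000000000', 'quan' => '2', 'descrip' => "Grandma's Pork n Beans"];

// Before: input concatenated into the SQL text, as in the thread's query.
function addUnsafe(PDO $db, array $post): string {
    try {
        $db->exec("INSERT INTO inven (upc, quant, descrip)
                   VALUES ('{$post['upc']}', {$post['quan']}, '{$post['descrip']}')");
        return 'inserted';
    } catch (PDOException $e) {
        return 'syntax error';   // the apostrophe ended the string literal early
    }
}

// After: placeholders keep data out of the SQL text, and a missing row or
// missing form field gets a default instead of an undefined variable/index.
function addSafe(PDO $db, array $post): int {
    $upc  = $post['upc'] ?? '';
    $quan = (int) ($post['quan'] ?? 0);          // avoids "Undefined index: quan"

    $sel = $db->prepare('SELECT quant FROM inven WHERE upc = ?');
    $sel->execute([$upc]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {                        // new UPC: there is no $quan1 yet
        $ins = $db->prepare('INSERT INTO inven (upc, quant, descrip) VALUES (?, ?, ?)');
        $ins->execute([$upc, $quan, $post['descrip'] ?? '']);
        return $quan;
    }
    $total = (int) $row['quant'] + $quan;        // existing UPC: add to stock
    $upd = $db->prepare('UPDATE inven SET quant = ? WHERE upc = ?');
    $upd->execute([$total, $upc]);
    return $total;
}

echo addUnsafe($db, $post), "\n";   // concatenated query with the apostrophe
echo addSafe($db, $post), "\n";     // first scan of this UPC inserts the row
echo addSafe($db, $post), "\n";     // second scan adds to the stored quantity
```

The `$row === false` branch is the case the original while loop misses: when the UPC is not yet in the table the loop body never runs, so `$quan1` is never assigned.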