davidolson Posted June 14, 2013 Share Posted June 14, 2013 Notice: Undefined variable: to in C:\xampp\htdocs\PDO\inbox.php on line 146 line 146 print" <td style=\"width:70%\"><input type=\"text\" name=\"to\" maxlength=\"50\" style=\"width:200px\" value=\"{$to}\" /></td>"; $errors = array(); if (!empty($_POST['submit'])) { $to = isset($_POST['to']) ? htmlspecialchars($_POST['to'], ENT_QUOTES) : ''; // OTHER SIMILAR THINGS // if (empty($to)) { $errors[] = "Please enter the username of who you wish to send this message to!"; } // OTHER ERRORS // } if (!empty($_POST['submit']) && empty($errors)) { // UPDATE DATABASE THING // } Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 14, 2013 Share Posted June 14, 2013 Line 146 looks like the part of your script that builds the page for the user, hence the following portion is irrelevant here. What's important is - does the variable $to exist prior to line 146? Quote Link to comment Share on other sites More sharing options...
davidolson Posted June 14, 2013 Author Share Posted June 14, 2013 my full code $errors = array(); if (isset($_GET['action']) && $_GET['action'] == 'send') { if (!empty($_POST['submit'])) { $to = isset($_POST['to']) ? htmlspecialchars($_POST['to'], ENT_QUOTES) : ''; $subject = isset($_POST['subject']) ? htmlspecialchars($_POST['subject'], ENT_QUOTES) : ''; $message = $_POST['message']; $date = time(); $query_1 = "SELECT * FROM users WHERE `username` = :to"; $check_user_stmt = $dbh->prepare($query_1); $check_user_stmt->bindParam(':to', $to); $check_user_stmt->execute(); $check_user_number_of_rows = $check_user_stmt->rowCount(); if (empty($to)) { $errors[] = "Please enter the username of who you wish to send this message to!"; } elseif (!$check_user_number_of_rows) { $errors[] = "The user '{$to}' could not be found!"; } if ($to == $userinfo['username']) { $errors[] = "You can not send a message to yourself!"; } if (empty($subject)) { $errors[] = "Please enter the subject!"; } if (empty($message)) { $errors[] = "Please enter the message!"; } } if (!empty($_POST['submit']) && empty($errors)) { $query_123 = "INSERT INTO inbox (`subject`, `message`, `from`, `to`, `created`) VALUES (:subject, :message, :from, :to, :created)"; $insert_stmt_1 = $dbh->prepare($query_123); $insert_stmt_1->bindParam(':subject', $subject); $insert_stmt_1->bindParam(':message', $message); $insert_stmt_1->bindParam(':from', $userinfo['username']); $insert_stmt_1->bindParam(':to', $to); $insert_stmt_1->bindParam(':created', $date); $success = $insert_stmt_1->execute(); if ($success) { $success_msg = "The message has been sent!"; header("Refresh: 5;index.php?do=inbox&action=send"); } } if ($configs['ShowPageTitle']) { print " <div id=\"pagetitle\">Send Message</div>"; } if (isset($success_msg)){ print " <div id=\"success_msg\"><b>Success</b><br>".$success_msg."</div>"; } if ($errors) { foreach ($errors as $error) { print " <div id=\"small_error_msg\">".$error."</div>"; } } print " <form method=\"POST\"> <table style=\"width:100%\" class=\"\"> <tr> <td style=\"width:30%;font-weight:bold\">To</td> <td style=\"width:70%\"><input type=\"text\" name=\"to\" maxlength=\"50\" style=\"width:200px\" value=\"{$to}\" /></td> </tr> <tr> <td style=\"font-weight:bold\">Subject</td> <td><input type=\"text\" name=\"subject\" maxlength=\"255\" style=\"width:350px\" value=\"{$subject}\" /></td> </tr> <tr valign=\"top\"> <td style=\"font-weight:bold\">Message</td> <td><textarea name=\"message\" style=\"width:350px\" rows=\"8\"></textarea></td> </tr> <tr> <td colspan=\"2\" align=\"center\" style=\"padding:5px 0 5px\"><input type=\"submit\" name=\"submit\" class=\"button\" value=\"Submit\" /></td> </tr> </table> </form>"; } Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 14, 2013 Share Posted June 14, 2013 I don't look at "full code". I look at sections that are clearly related to your problem. Did you look at your code to see if $to was defined before using it at line 146? Put an echo in your code right before line 146 and see what you see onscreen (ie echo $to; exit(); ) Quote Link to comment Share on other sites More sharing options...
Barand Posted June 14, 2013 Share Posted June 14, 2013 $to is given a value early on in the code only if certain conditions are true. I you later try to output when those conditions are not true then it will be undefined. Quote Link to comment Share on other sites More sharing options...
davidolson Posted June 15, 2013 Author Share Posted June 15, 2013 (edited) I don't look at "full code". I look at sections that are clearly related to your problem. Did you look at your code to see if $to was defined before using it at line 146? Put an echo in your code right before line 146 and see what you see onscreen (ie echo $to; exit(); ) Undefined variable if i put this code before line 146 then its ok echo isset($to) ? htmlspecialchars($to, ENT_QUOTES) : ''; This also works <td><input type="text" name="to" maxlength="255" style="width:200px" value="<?php echo isset($to) ? htmlspecialchars($to, ENT_QUOTES) : ''; ?>" /></td> But how to make it work with this form? i tried this way but it didn'nt work ".isset($to) ? htmlspecialchars($to, ENT_QUOTES) : ''." print " <td style=\"width:70%\"><input type=\"text\" name=\"to\" maxlength=\"50\" style=\"width:200px\" value=\"...............................\" /></td>"; Edited June 15, 2013 by davidolson Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 15, 2013 Share Posted June 15, 2013 In front of that last line "print ...." do exactly this instead: echo "to is:$to:"; exit(); Tell me what that echo line gives you. BTW - you can use alternating double and single quotes to make your life easier. Try: print " <td style='width:70%'><input type='text' name='to' maxlength='50' style='width:200px' value='...............................' /></td>"; Much easier to type and to read, no? Quote Link to comment Share on other sites More sharing options...
davidolson Posted June 15, 2013 Author Share Posted June 15, 2013 In front of that last line "print ...." do exactly this instead: echo "to is:$to:"; exit(); Tell me what that echo line gives you. Undefined variable: to in C:\xampp\htdoc.............. Quote Link to comment Share on other sites More sharing options...
davidolson Posted June 15, 2013 Author Share Posted June 15, 2013 how to use html tag inside Php code <?php echo isset($to) ? htmlspecialchars($to, ENT_QUOTES) : ''; ?> <td style='width:65%'><input type='text' name='do' maxlength='50' style='width:200px' value='<?php echo isset($to) ? htmlspecialchars($to, ENT_QUOTES) : ''; ?>' /></td> Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 15, 2013 Share Posted June 15, 2013 Don't know what you last post is about, but the test you did for me tells us that the var doesn't exist when you try to output that line containing it. Now - figure out why it doesn't exist. Also - you really don't need to keep using <? ?> tags throughout your code. Your can write html like this: $code =<<<heredocs <td>$myvar</td> <td>$morevars</td> <td>$anothervar</td> blah blah blahhtml heredocs; echo $code; will output all your html and vars without going into and out of php mode. read up on heredocs in the manual. Note that the closing tag (heredocs;) MUST be in column one. Quote Link to comment Share on other sites More sharing options...
Barand Posted June 15, 2013 Share Posted June 15, 2013 (edited) Don't know what you last post is about, but the test you did for me tells us that the var doesn't exist when you try to output that line containing it. Now - figure out why it doesn't exist. Already told him that: $to is given a value early on in the code only if certain conditions are true. If you later try to output when those conditions are not true then it will be undefined. Edited June 15, 2013 by Barand Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted June 15, 2013 Share Posted June 15, 2013 (edited) lol, as Barand stated, where your $to variable is being defined at doesn't guarantee that it will exist when it is accessed when the form is produced. your code has two problems - 1) the first time it is requested, the form hasn't been submitted and none of the variables in your form processing code will exist at all. 2) after your form has been submitted, inside your conditional logic that has tested if the form has been submitted, all the text/textarea fields will be set and you don't need to test each one to see if it is set. just use the posted values (after you filter/validate them) inside your form processing code. your - $to = isset($_POST['to']) ? htmlspecialchars($_POST['to'], ENT_QUOTES) : ''; statement shouldn't be inside the form processing code at all, it needs to be somewhere right before the form. you could actually put it right where the value=' ... ' attribute is at (assuming you know how to concatenate an expression into a string.) you also should not apply htmlspecialchars or htmlentities to data being put into a database. it should only be applied to data right before you output it into a html page. Edited June 15, 2013 by mac_gyver Quote Link to comment Share on other sites More sharing options...
Solution davidolson Posted June 15, 2013 Author Solution Share Posted June 15, 2013 Now everything works function clean_var(&$varname) { return isset($varname) ? htmlspecialchars($varname, ENT_QUOTES, 'UTF-8') : ''; } $errors = array(); if (!empty($_POST['submit'])) { $to = $_POST['to']; if (empty($to)) { $errors[] = "Please enter the username of who you wish to send this message to!"; } } if (!empty($_POST['submit']) && empty($errors)) { // UPDATE DATABASE THING // } print " <td style='width:65%'><input type='text' name='to' maxlength='50' style='width:200px' value='".clean_var($to)."' /></td>"; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.