Jump to content

undefined index messages quick question

burge124

By burge124
in PHP Coding Help

Recommended Posts

burge124 Member

burge124

Posted
Posted

hi, this code keeps giving me

 

Notice: Undefined index: newpassword in C:\Program Files\EasyPHP 2.0b1\www\index.php on line 13

 

Notice: Undefined index: newemail in C:\Program Files\EasyPHP 2.0b1\www\index.php on line 17

ive tried playing round with it but cant fix the problem

 

// select administrator
$result = mysql_query("SELECT * FROM user WHERE UserName='admin'");

// update password
mysql_query("UPDATE user SET password = '$_REQUEST[newpassword]'
WHERE UserName = 'admin'");

// update email address
mysql_query("UPDATE user SET email = '$_REQUEST[newemail]'
WHERE UserName = 'admin'");

$user= mysql_fetch_array($result);
........

    <input type="text" name="newpassword" />

    <input type="text" name="newemail">

Link to comment
https://forums.phpfreaks.com/topic/93375-undefined-index-messages-quick-question/
Share on other sites
burge124 Member

burge124

Posted
  • Author
Posted 
	<body contextmenu="return false;">
<body onpaste="return false";>

<?php
$con = mysql_connect("localhost","root","")
  or die('Could not connect: ' . mysql_error());
mysql_select_db("questiondb", $con);

// select administrator
$result = mysql_query("SELECT * FROM user WHERE UserName='admin'");

// update password
mysql_query("UPDATE user SET password = '$_REQUEST[newpassword]'
WHERE UserName = 'admin'");

// update email address
mysql_query("UPDATE user SET email = '$_REQUEST[newemail]'
WHERE UserName = 'admin'");

$user= mysql_fetch_array($result);



?>
<form method="post" action="mod_home.php">
  <lable>
  Current Username:</label> <?php echo $user['UserName']; ?><br>
  <lable>
  Current Password:</label> <?php echo $user['Password']; ?><br>
  <lable>
  <p>Current Email:
    </label> 
  <?php echo $user['Email']; ?></p>
  <p>
    <label>new password
    <input type="text" name="newpassword" />
    </label>
  </p>
  <p>
    <label>retype password
    <input type="text" name="newemail">
    </label>
  </p>
  <p>
    <label>new email
    <input type="text" name="newpassword2">
    </label>
  </p>
  <p>
    <label>
    <input name="submit" type="submit" class="subHeader" id="submit" value="Submit">
    </label>
    <label>
    <input type="reset" name="Reset" value="Reset">
    </label>
    <br>
  </p>
</form>

drewbee Member

drewbee

Posted
Posted

A few things here

 

1) ALWAYS wrap mysql_real_escape_string around ANY variable that goes into your database. This will help protect you from SQL injection;

2) For good coding practicies, always place quotes within your associate arrays IE $_POST, $_REQUEST, $_GET and go like this> $_POST['myvar']

SO

SET password = '".mysql_real_escape_string($_REQUEST['newpassword'])."'

 

3) You are getting that message because you are trying to access variables that are being used without first being created; Depending on your error level this will show or not show. You can either tone down your error reporting level (not recomended), or always define your variables like so:

 

$_REQUEST['newpassword'] = isset($_REQUEST['newpassword']) ? $_REQUEST['newpassword'] : ''

 

This will set the variable $_REQUEST['newpassword'] to an empty string if it does not exist yet. Always place these at the top of the script so the variables can be properly initialized.

 

Good luck :)

cooldude832 Advanced Member

cooldude832

Posted
Posted

its irrelevant because most error reporting levels treat !isset vars as equal to 0 or a blank string. 

 

However using $_REQUEST isn't a great idea use $_POST or $_GET that is more reflective of what you are doing to prevent cross contamination.

drewbee Member

drewbee

Posted
Posted

What do you mean irrelavant? It initalizes the variable if it is not yet set. Plane and simple; if its not set, set it. If it is use what the current value is. isset() returns true on a variable being set, and false if otherwise; php.net/isset

 

 

Put

$_REQUEST['newpassword'] = isset($_REQUEST['newpassword']) ? $_REQUEST['newpassword'] : ''

$_REQUEST['newemail'] = isset($_REQUEST['newemail']) ? $_REQUEST['newemail'] : ''

 

Above your current code.

cooldude832 Advanced Member

cooldude832

Posted
Posted

I too love errors but undefined indexes is too high for php.  It was designed dirty, its not java.  You are allowed to work on unset vars

i.e

acceptable coding

<?php
if(!empty($_POST['var'])){
#If its not set this produces an error
}
?>

Overchecking

<?php
if(!isset($_POST['var']){
$_POST['var'] = '';
}
if(empty($_POST['var'])){
#No index error
}
?>

 

 

No point really

drewbee Member

drewbee

Posted
Posted

Yeah; Its a matter of opinion really. I have always worked with code expecting a variable to be either this or that, not existing or not existing.

 

It seems very strange to me to use variables that haven't been set, especially with coldfusion in my blood as well :) Personally I think it makes things alot easier to follow too, but then again matter of opinion; I state To Each His Own before we start a brawl in this poor guys thread :D

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.