burge124 Posted February 27, 2008 Share Posted February 27, 2008 hi, this code keeps giving me Notice: Undefined index: newpassword in C:\Program Files\EasyPHP 2.0b1\www\index.php on line 13 Notice: Undefined index: newemail in C:\Program Files\EasyPHP 2.0b1\www\index.php on line 17 ive tried playing round with it but cant fix the problem // select administrator $result = mysql_query("SELECT * FROM user WHERE UserName='admin'"); // update password mysql_query("UPDATE user SET password = '$_REQUEST[newpassword]' WHERE UserName = 'admin'"); // update email address mysql_query("UPDATE user SET email = '$_REQUEST[newemail]' WHERE UserName = 'admin'"); $user= mysql_fetch_array($result); ........ <input type="text" name="newpassword" /> <input type="text" name="newemail"> Quote Link to comment Share on other sites More sharing options...
revraz Posted February 27, 2008 Share Posted February 27, 2008 Post the entire code. Quote Link to comment Share on other sites More sharing options...
burge124 Posted February 27, 2008 Author Share Posted February 27, 2008 <body contextmenu="return false;"> <body onpaste="return false";> <?php $con = mysql_connect("localhost","root","") or die('Could not connect: ' . mysql_error()); mysql_select_db("questiondb", $con); // select administrator $result = mysql_query("SELECT * FROM user WHERE UserName='admin'"); // update password mysql_query("UPDATE user SET password = '$_REQUEST[newpassword]' WHERE UserName = 'admin'"); // update email address mysql_query("UPDATE user SET email = '$_REQUEST[newemail]' WHERE UserName = 'admin'"); $user= mysql_fetch_array($result); ?> <form method="post" action="mod_home.php"> <lable> Current Username:</label> <?php echo $user['UserName']; ?><br> <lable> Current Password:</label> <?php echo $user['Password']; ?><br> <lable> <p>Current Email: </label> <?php echo $user['Email']; ?></p> <p> <label>new password <input type="text" name="newpassword" /> </label> </p> <p> <label>retype password <input type="text" name="newemail"> </label> </p> <p> <label>new email <input type="text" name="newpassword2"> </label> </p> <p> <label> <input name="submit" type="submit" class="subHeader" id="submit" value="Submit"> </label> <label> <input type="reset" name="Reset" value="Reset"> </label> <br> </p> </form> Quote Link to comment Share on other sites More sharing options...
drewbee Posted February 27, 2008 Share Posted February 27, 2008 A few things here 1) ALWAYS wrap mysql_real_escape_string around ANY variable that goes into your database. This will help protect you from SQL injection; 2) For good coding practicies, always place quotes within your associate arrays IE $_POST, $_REQUEST, $_GET and go like this> $_POST['myvar'] SO SET password = '".mysql_real_escape_string($_REQUEST['newpassword'])."' 3) You are getting that message because you are trying to access variables that are being used without first being created; Depending on your error level this will show or not show. You can either tone down your error reporting level (not recomended), or always define your variables like so: $_REQUEST['newpassword'] = isset($_REQUEST['newpassword']) ? $_REQUEST['newpassword'] : '' This will set the variable $_REQUEST['newpassword'] to an empty string if it does not exist yet. Always place these at the top of the script so the variables can be properly initialized. Good luck Quote Link to comment Share on other sites More sharing options...
burge124 Posted February 27, 2008 Author Share Posted February 27, 2008 thanks for the advice! im not sure how to implement $_REQUEST['newpassword'] = isset($_REQUEST['newpassword']) ? $_REQUEST['newpassword'] : '' into my system tho Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted February 27, 2008 Share Posted February 27, 2008 its irrelevant because most error reporting levels treat !isset vars as equal to 0 or a blank string. However using $_REQUEST isn't a great idea use $_POST or $_GET that is more reflective of what you are doing to prevent cross contamination. Quote Link to comment Share on other sites More sharing options...
drewbee Posted February 27, 2008 Share Posted February 27, 2008 What do you mean irrelavant? It initalizes the variable if it is not yet set. Plane and simple; if its not set, set it. If it is use what the current value is. isset() returns true on a variable being set, and false if otherwise; php.net/isset Put $_REQUEST['newpassword'] = isset($_REQUEST['newpassword']) ? $_REQUEST['newpassword'] : '' $_REQUEST['newemail'] = isset($_REQUEST['newemail']) ? $_REQUEST['newemail'] : '' Above your current code. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted February 27, 2008 Share Posted February 27, 2008 cause php doesn't care if variables are set. also your doing a nono of modifying the super global array you should always work on a copy of the super global incase you add on later and need that raw value. Quote Link to comment Share on other sites More sharing options...
drewbee Posted February 27, 2008 Share Posted February 27, 2008 By his error reporting level, it does care though As well, nothing is being modified, we are only SETTING a empty string value if it is not set. Personally, I am in favor of E^ALL reporting; anything less is dirty code. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted February 27, 2008 Share Posted February 27, 2008 I too love errors but undefined indexes is too high for php. It was designed dirty, its not java. You are allowed to work on unset vars i.e acceptable coding <?php if(!empty($_POST['var'])){ #If its not set this produces an error } ?> Overchecking <?php if(!isset($_POST['var']){ $_POST['var'] = ''; } if(empty($_POST['var'])){ #No index error } ?> No point really Quote Link to comment Share on other sites More sharing options...
drewbee Posted February 27, 2008 Share Posted February 27, 2008 Yeah; Its a matter of opinion really. I have always worked with code expecting a variable to be either this or that, not existing or not existing. It seems very strange to me to use variables that haven't been set, especially with coldfusion in my blood as well Personally I think it makes things alot easier to follow too, but then again matter of opinion; I state To Each His Own before we start a brawl in this poor guys thread Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.