Error:
( ! ) Notice: Undefined index: VIN in C:\wamp\www\php\myJoyofPHP\viewcar.php on line 10
09 <?php include 'db.php';
10 $vin = $_GET['VIN'];
11 $query = "SELECT * FROM INVENTORY";
12 /* Try to query the database */
13 if($result = $mysqli->query($query)){
14 //Don't do anything if successful.
15 }
16 else
17 {
18 echo "Sorry, a vehicle with VIN of $vin cannot be found ".mysql_error()."<br>";
19 }
20
21 //Loop through all the rows returned by the query, creating a table row for each
22 while ($result_ar = mysqli_fetch_assoc($result)){
23 $year = $result_ar['YEAR'];
24 $make = $result_ar['Make'];
25 $model = $result_ar['Model'];
26 $trim = $result_ar['TRIM'];
27 $color = $result_ar['EXT_COLOR'];
28 $interior = $result_ar['INT_COLOR'];
29 $mileage = $result_ar['MILEAGE'];
30 $transmission = $result_ar['TRANSMISSION'];
31 $price = $result_ar['ASKING_PRICE'];
32 }
33 echo "$year $make $model </p>";
34 echo "<p>Asking Price: $price </p>";
35 echo "<p>Exterior Color: $color </p>";
36 echo "<p>Interior Color: $interior </p>";
37
38 $mysqli->close();
39 ?>
I'm not concerned about security at the moment because I am just learning the basics as of now. So please don't respond saying that it's vulnerable code, I know.
I have a Column named 'VIN' in the 'cars' database within PhpMyAdmin with multiple values in it but For some reason this error comes up. Also, underneath the error, a single data set appears.
Why would I be getting this error?
Why would I be getting the error especially if a database exists with the same column name 'VIN'?
When I enter the following code above it, there is a variable error too.
$value = isset($array['VIN']) ? $array['VIN'] : '';
$value = array_key_exists('VIN', $array) ? $array['VIN'] : '';
Also, this is the db.php file that is included:
<?php
//localhost, root, password, database
$mysqli = new mysqli('localhost','root','','cars');
/*check connection */
if (mysqli_connect_errno()){
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
//select a database to work with
$mysqli->select_db("cars");
?>
As I mentioned, I understand this is a vulnerable database. There is no password. Please don't post anything regarding that, as I need to fully understand the basics. Thank you.
First, is not an "error", it is a "notice". You can ignore it almost all the time.
Its mean 'VIN' index is not defined inside the $_GET global var/array.
That is 'VIN' do not come in the url parameters.
PHP assumes it like an empty string.
Maybe the best solution is some like:
if( isset($_GET['VIN']) && $_GET['VIN'] != "" ){ // you can add others validations like string lenght or regex
$vin = $_GET['VIN'];
$query = "SELECT * FROM INVENTORY";
//...all your code...
}else{
// Do something when no VIN comes in the url
}
Obviously you need to use your script with de VIN parameter:
.....viewcar.php?VIN=ABC123
You can use the following code and notice message will disappear, its just a notice saying that $vin is not defined because sometimes $vin is empty, it does not get any value from $_GET
if (isset($_GET['VIN']))
{
$vin = $_GET['VIN'];
}
This line is causing you to receive that warning $vin = $_GET['VIN']; which means that you are not receiving VIN in the request, you need to check it as
if (isset($_GET['VIN'])) {
//rest of the code
}
Short and simple:
$vin = #$_GET['VIN'];
If VIN was not fed in
There will be no error message;
$vin will be NULL.
Later, you can use if (isset($vin)) ..., which reads easily.
Related
Hello there am trying to insert data into MSSQL using PHP. I have tried many times to figure out what the problem might be but i seem not to find it. Is there something am not getting right or missing?
<?php
//pull form fields into php variables
$no = $_POST['no'];
$name= $_POST['name'];
$date = $_POST['date'];
$leave = $_POST['leave'];
$days= $_POST['days'];
$empno= $_POST['empno'];
//connect to sql
$dbc = mssql_connect('Server-PC','user','password','database')or die('Error connecting to
the SQL Server database.');
// Input into staff database
$query = "INSERT INTO dbo.[CAGD$Leave Plan] ([No_],[Employee No_],[Employee Name],
[Leave Name], [Start Date],[Leave Days],Satus) VALUES
('$no','$name','$leave','$date','days','empno')";
$r esult = mssql_query($query,$dbc)or die('Error querying MSSQL database');
//close to sql
mssql_close($dbc);
echo $name . 'Your submission has been received<br />';
echo 'If you need change this request please contact your HR Manager<br />';
echo 'Thank you <br />';
echo 'HR Manager';
?>
I get this error message:
Warning: mssql_query() [function.mssql-query]: message: Invalid object name 'dbo.CAGD Plan'.
(severity 16) in C:\xampp\htdocs\CAGD\leave_request.php on line 110
Warning: mssql_query() [function.mssql-query]: Query failed in C:\xampp\htdocs
\CAGD\leave_request.php on line 110
Error querying MSSQL database
You can use SQLSRV Driver instead of MSSQL Driver and then try this
<?php
$serverName = "serverName";
$options = array( "UID" => "sa", "PWD" => "Password", "Database" => "DBname");
$conn = sqlsrv_connect($serverName, $options);
if( $conn === false )
{
echo "Could not connect.\n";
die( print_r( sqlsrv_errors(), true));
}
$no = $_POST['no'];
$name= $_POST['name'];
$query = "INSERT INTO dbo.Test
(No_,FirstName)
VALUES(?, ?)";
$params1 = array($no,$name);
$result = sqlsrv_query($conn,$query,$params1);
sqlsrv_close($conn);
?>
This is more useful, and you can learn more here:
https://msdn.microsoft.com/en-us/library/cc626305(v=sql.105).aspx
First Specify your database Connection...
mssql_connect('Server-PC','user','password','database')
like -> "localhost","root","XXXX", "DBNAME"
then query like
$query = "INSERT INTO TABLENAME (id,name) VALUES
('$id','$name')";
$result = mssql_query($query,$dbc)
Hmm, it seems to me that you have 7 fields in the table but only 6 values submitted - you are missing the value for the first column, [No_].
Besides, the last column satus (i suppose it should be 'status') does not have de [] delimiters.
The error returned tells you that the name of the table is wrong.
And yes variable names are case sensitive in PHP, it should be $leave - best to exit the string and concatenate - something like "bla bla".$leave."anything here with spaces or not" .
Is this supposed to be a variable?
$query = "INSERT INTO dbo.[CAGD$Leave Plan] ([No_],[Employee No
^^^^^^
If so, then it's apparently undefined in your code, and the generated query string will contain dbo.[CAGD Plan], and not whatever value was supposed to be in that variable. If the $ is literally in your table name, then it should be CAGD\$Leave, so that $Leave isn't treated as a variable.
i have set my configdb.php on a different page and include it on my other php pages..
here is my configdb.php
<?php
$hostname ="localhost";
$username ="root";
$password ="";
$db ="practicedb";
$connect = mysqli_connect($hostname,$username,$password) or die("cannot connect to server");
mysqli_select_db($connect,$db) or die("database not found!");
?>
these are the errors that i get:
Notice: Undefined variable: configdb in /Applications/XAMPP/xamppfiles/htdocs/practicesystem/add.php on line 14
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in /Applications/XAMPP/xamppfiles/htdocs/practicesystem/add.php on line 14
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/practicesystem/add.php on line 15
Notice: Undefined variable: configdb in /Applications/XAMPP/xamppfiles/htdocs/practicesystem/add.php on line 28
this is my add.php where i INSERT items into database from the $_POST method from a previous php page..
<?php
include "configdb.php";
$studid=$_POST['studid'];
$lastname=mysql_real_escape_string($_POST['lastname']);
$firstname= mysql_real_escape_string($_POST['firstname']);
$middlename= mysql_real_escape_string($_POST['middlename']);
$email=$_POST['email'];
$check = "SELECT * from studinfo where stud_id = '".$studid."'";
$qry = mysqli_query($configdb,$check);
$num_rows = mysqli_num_rows($qry);
if($num_rows > 0){
// Here we are checking if username is already exist or not.
echo "The person you have entered is already existing. Please try again.";
echo 'Try Again';
exit;
}
$query = "INSERT INTO studinfo (stud_id,lastname,firstname,middlename,email) VALUES ('".$studid."','".$lastname."','".$firstname."','".$middlename."','".$email."');";
//echo $query;
mysqli_query($configdb, $query);
echo "Thank You for Registration.";
echo 'Click Here to login you account.';
exit;
?>
i don't know and i am not sure what to put on the first parameter of mysqli_query..
i tried putting this code $con=mysqli_connect("localhost","root","","practicedb"); it worked but its not practical putting that on every php page where i should connect to the database...
Yet another question on a silly typo...
$connect = mysqli_connect( ...
vs.
$qry = mysqli_query($configdb,$check);
so the error message clearly says: Undefined variable: configdb
I am retrieving data from a database in android so created a php file as below.
<?php
$db_host = "localhost";
$db_uid = "root";
$db_pass = "";
$db_name = "abc";
$db_con = mysql_connect($db_host,$db_uid,$db_pass) or die('could not connect');
mysql_select_db($db_name);
$sql = "SELECT * FROM people WHERE birthyear > '". $_POST["birthyear"]."'";
$result = mysql_query($sql);
while($row=mysql_fetch_assoc($result))
$output[]=$row;
print(json_encode($output));
mysql_close();
?>
Now when i run it in the browser as localhost/script.php
error is thrown and the output is displayed as below
Notice: Undefined index: birthyear in C:\xampp\htdocs\jasonscript.php on line 14
[{"id":"1","name":"m","sex":"1","birthyear":"1989"},{"id":"2","name":"a","sex":"1","birthyear":"1986"},{"id":"3","name":"b","sex":"0","birthyear":"1986"}]
Please tell me how to correct my code.
$output[]=array("key"=>$row['field_name'],"key1"=>$row['field_name2']);
store array like this
You are directly inserting $_POST["birthyear"] in your query which makes you vulnerable to SQL injection. Stop doing it right now!
That is also why you get the error. When you directly call the script in your browser, that will be with a GET request and there wont be any POST variables available. So your $_POST array wont have a key for birthyear and thus it warns you about it.
You should start with something like
<?php
$by = isset($_POST["birthyear"]) ? $_POST["birthyear"] : "";
if (empty($by)) {
echo 'Invalid birthyear';
exit;
}
//SANITIZE YOUR BIRTHYEAR HERE
//in this case, probaly check for a integer between 1900 and 2100 or something.
//Although just an int could be enough to prevent injection
if (!is_int($by)) {
echo 'You failed to provide a valid year';
exit;
}
$sql = "SELECT * FROM people WHERE birthyear > '". $by."'";
//execute the code
?>
Although the above code is safe, you should check out bound parameters like used in mysqli prepared statements or PDO
you probably failed to send the values trough post properly.
try print_r($_POST); to see what you are actually sending
you still get all results because every year is > ''
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
PHP: “Notice: Undefined variable” and “Notice: Undefined index”
So Im back with another php error, that I cant solve. But Im getting better:)
I have created a simple script that stores images in a database, I have no problems to store the file, but when Im reading the file i get an index error. It says
Notice: Undefined index: id in C:\wamp\www\gallery2\show.php on line
13
I cant really get what the problem is since Im thinking that everything is correct !?
the code for showing the images are
<?php
$username = "root";
$password = "";
$host = "localhost";
$database = "guestbook";
#mysql_connect($host, $username, $password) or die("Can not connect to database: ".mysql_error());
#mysql_select_db($database) or die("Can not select the database: ".mysql_error());
$id = $_GET['id'];
if(!isset($id) || empty($id)){
die("Please select your image!");
}else{
$query = mysql_query("SELECT * FROM tbl_images WHERE id='".$id."'");
$row = mysql_fetch_array($query);
$content = $row['image'];
header('Content-type: image/jpg');
echo $content;
}
?>
You are trying to access $_GET['id']. However, if no argument id is present in the querystring of the request, the index id will not be available in the $_GET superglobal. That's why you receive the notice.
So you should be doing something like this:
$id = !empty( $_GET[ 'id' ] ) ? $_GET[ 'id' ] : null;
It is telling you the value id does not exist in the $_GET array. Does the URL you are accessing have a ?id=something on it?
The variable...
$_GET['id'];
...doesn't contain a value, therefore it is not defined.
Check if your form mechanism leading to this $_GET is working, maybe var_dump it.
If your script should cope with an empty variable there, maybe check this variable first, something like this:
$id = "";
if (isset($_GET['id']) { $id = $_GET['id']; }
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
what is this notice referring to
can i get an answer in plain English please
i am new at this .. the better it is explained the fewer times i will need to repost
Notice: Undefined index: username in C:\wamp\www\espn.com\login.php on line 16
Notice: Undefined index: password in C:\wamp\www\espn.com\login.php on line 17
1<?php
2
3//Database Information
4
5 $dbhost = "localhost";
6 $dbname = "users";
7 $dbuser = "root";
8 $dbpass = "*****";
9
10 //Connect to database
11
12 mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
13 mysql_select_db($dbname) or die(mysql_error());
14
15 session_start();
****16 $username = $_POST['username'];
17 $password = md5($_POST['password']);****
18
19 $query = sprintf('SELECT * FROM users WHERE username="%s" AND password="%s"',
20 ($username), ($password));
21
22 $result = mysql_query($query);
23
if (mysql_num_rows($result) != 0) {
$error = "Bad Login";
include "login.html";
} else {
$_SESSION['username'] = "$username" ;
include "memberspage.php";
}
Sure. The form that is submitted does not have any name tag.
Please fix your html part as follow:
<input **name="username"**/>
So that you can easily use $_POST['username'] to recover the value from the form.
Actually every time you see "undefined index" it means that a key of an array is missing.
It's like:
$a = array('zero', 'one', 'two');
and you calling:
$a[3];
In this case $_POST is a global array which is missing the key 'username' and 'password'.
When you submit a page, the data (user input / form data) is sent as an array which you can access via $_POST.
Now, when you access $_POST[somename], the PHP engine tries to retrieve the value for the key "somename" in the array $_POST.
In your program (specifically lines 16 & 17), the key for the array does not exist.
So, it is better you do a check like this:
$username = isset($_POST['username'])?$_POST['username']:null;