I am using a php mysql based crm software which is made using Codeigniter.
I don't have any knowledge about Codeigniter.
I just customized it as per my requirements.
Whenever I am trying to save any data I am getting this error.
While using in Xampp I did not get these errors.
When I put it online I started to get these. Also I tried to ignore PHP errors, warnings using
error_reporting(0);
in my controller/admin.php
This would just hide the errors and not ignore them and proceed to the redirected page after the save.
If anything else is needed please let me know.
Undefined index -- that's the error you need to resolve here. You're most likely trying to access a property of $_GET or $_POST using an incorrect key name.
For the sake of debugging, try this:
if(isset($_GET['keyname'])) {
$myObj->prop = $_GET['keyname'];
} else {
show_error('No value set for keyname', 500);
}
I'm making a lot of assumptions about your code here, replace keyname with whatever you are trying to access.
For reference, you should probably switch to using the CodeIgniter Input Class to get values from GET/POST.
Related
Full disclosure: I'm not a PHP programmer, rather a Javascript/Node programmer, but I'm trying to help a friend fix a fatal PHP error on their site.
To wit,
Fatal error: Call to undefined function import_request_variables()
I've looked it up and import_request_variables() is deprecated.
The relevant piece of code is this -- I noticed that the developer seems to have tried out the more modern form (?) and abandoned it.
import_request_variables("pgc", "re_");
//extract($_GET, EXTR_PREFIX_ALL, "pgc");
//extract($_POST, EXTR_PREFIX_ALL, "pgc");
//extract($_GET, EXTR_PREFIX_ALL, "re_");
//extract($_POST, EXTR_PREFIX_ALL, "re_");
I found a solution on Stack Overflow here Php import_request_variable stopped working, that suggests using that same extract method
extract($_GET, EXTR_PREFIX_ALL, 'p');
extract($_POST, EXTR_PREFIX_ALL, 'p');
Is this the correct method to follow? I've read in other posts (e.g. here) that this could lead to security errors, as does the PHP documentation here
Warning
Do not use extract() on untrusted data, like user input (e.g. $_GET, $_FILES).
and that it's best to import the variables specifically, but I'm not sure that I'm adept enough at PHP to go through all the code and figure out where each variable is being used...
What's the best way to solve this issue swiftly and securely?
Thanks for any help!
EDIT:
This is the code where the variables are used, for what it's worth
if ($re_sub && $re_sec) { $content="./$re_sec/$re_sub.php";}
else if ($re_sec) { $content="./$re_sec/index.php";}
else { $content="./home.php";}
Wow. import_request_variables went away in PHP5, that was a LONG time ago... hope you are upgrading to 7!
Anyway, it seems that you are basically trying to form POST and the content of the post determine the URL the user is sent to. Since you can't trust user input (or shouldn't anyway) you check what is sent in the $_POST array against a whitelist. Depending on how many sections and sub-sections you have, that whitelist can be hard coded, kept in a separate include file, stored in a database, etc.
Given a structure like
home
sec1
sec1sub1
sec1sub2
sec1sub3
sec2
sec2sub1
sec2sub2
sec2sub3
sec3
sec3sub1
sec3sub2
sec3sub3
You can do something like loop through your whitelist and see if a matching POST variable was sent, if so add it to the URL.
$url="/";
$whitelist=array();
$whitelist['cars']=array("compact","sedan","sportscar");
$whitelist['trucks']=array("diesel","4x4");
$whitelist['suvs']=array("crossovers","domestic","import");
foreach($whitelist as $k=>$v){
if(isset($_POST[$k])){
$url=$url."/".$k;
foreach($v as $subv){
if(isset($_POST[$subv])){
$url=$url."/".$subv;
}
}
}
}
header("location :".$url);
I have a slightly frustrating problem...
I'm sending a form value to PHP via AJAX and that seem to work fine.
When I do var_dump in PHP I see my values I can also set a variable and echo it correctly.
However, the line
$prod_id=$_POST['product'];
causes an uncaught type error in the browser.
If I just set the variable with text in PHP everything works fine.
To conclude, this piece of code works fine:
$prod_id=("Slab Skate");
$selected_customers = mysqli_query($link,"SELECT * FROM customers
INNER JOIN cust_products on cust_products.cust_id=id
INNER JOIN products on products.prod_id=cust_products.product_id
WHERE products.prod_name='$prod_id'");
This code causes uncaught typerror:
$prod_id=$_POST['product']
Same SQL statement as above.
If I do
var_dump ($prod_id);
after setting it with $_POST I get:
string(10) "Slab Skate"
My form data in network headers tab of Chrome developer tools say:
product:Slab Skate
I don't get it...
Thanks in advance for any tips.
Update and some clarifications.
The error I get is this: "Uncaught TypeError: Cannot read property 'documentElement' of null" which is a Javascript error coming from a function later in the code. However, since the whole thing works if I "hardcode" the variable instead of setting it from $_POST my assumption was that the error must reside in PHP.
But maybe that's not the case...
What I'm doing is the following: posting a form value to PHP -> use value to select from my_sql and prepare an XML output. So far so good, (I can see the xml output in Chrome dev tools) but then I go back to a javascript to fetch the xml output from my PHP file and then it fails.
When thinking about it, it's rather obvious why it works with a "hardoded" variable and not with the $_POST set one.
So, I see two solutions either set the PHP variable in my_sql or using javascript more intelligently.
Do anyone have a smart solution? I could post all the code, but it's quite long.
Second update:
I solved the issue by writing an xml file to the server instead of trying to download it from the php file. Then my java function can process the xml correctly.
It does work, but I'm not sure how well it scales? It must be better to process the xml output from PHP directly rather then saving it to file first and then process. But, I have no insight on how big the difference is...
/Tim
I wouldn't use SELECT * FROM when using Inner Join if i were you. that would cause all sort of problems , simply give the names of columns.
I am actually trying to monitor a PHP variable (may be as a separate thread but not possible in PHP) and fire a PHP function whenever the value of the variable changes.
eg: lets take a variable $_GLOBALS['foo']=1;
if at any point in the code, the value of $_GLOBALS['foo'] changes to something else, i want to fire a PHP function immediately.
The variable can be anywhere inside a loop or in a function,etc.
Why i want this: I have a variable which stores the last error occured as a text. If the value of the variable changes from "" to something else, i want to trigger an error. My LOGIC may seem a bit strange but this is what i would like to do.
Thanx in advance.
Edit: I tried: How to use monitors in PHP? and How can one use multi threading in PHP applications but does not seem to solve the problem.
The Code (Thought this could solve some of your doubts on my question):
public function addtag($tagarray,$uid,$tagtype="1")
{
$dbobj=new dboperations();
$uiobj=new uifriend();
$tagid=$uiobj->randomstring(30,DB_SOCIAL,SOCIAL_TAG,tag_tagid);
$c=0;
foreach($tagarray as $tags)
{
$c++;
$tagname=$tags["tagname"];
$taguid=$tags["tagid"];
$dbobj->dbinsert("INSERT INTO ".SOCIAL_TAG." (".tag_tagid.",".tag_fuid.",".tag_tuid.",".tag_tagname.",".tag_tagtype.") VALUES
('$tagid','$uid','$taguid','$tagname','$tagtype')",DB_SOCIAL);
}
if($c==0)
{
$lasterror="No tags were added";return "";
}
else
{
return $tagid;
}
}
Here, if i call a error handling function instead of monitoring the variable, it wont be advisable in my case since the error handling function may do any operation like give alert and redirect to a page or any similar operation.
I asked this question cause, i thought what if the script does not reach the line
return "";
It would affect the project's workflow. Thats what i am worried about.
And the variable i was talking about is $lasterror and i have many functions like this where $lasterror is used.
I saw this, so I built this:
https://github.com/leedavis81/vent
Should solve your problem.
There is no built-in way to do this in PHP, and there's no easy way to add it. It doesn't really feel right for the way the language works anyway.
Instead of setting a variable, you could build a custom function that handles the error - or use PHP's built-in error handling functionality using a custom error handler.
Another error handling method which comes close to what you want to do (I think) is exceptions.
I am just beginning to learn PHP, so I apologize if this is a basic question. I am using what I understand to be a CodeIgniter-like MVC framework (NOT CI though - a homegrown framework)
I am trying to pass two parameters to my index controller, each of which will display a different error message. The errors are generated from two individual post functions (i.e., if user's log in is incorrect and if email already exists at sign up).
public function index($error1=NULL, $error2=NULL) {
$this->template->content = View::instance('v_index_index');
$this->template->content->error1 = $error1;
$this->template->content->error2 = $error2;
echo $this->template;
}
What I am observing is that the only error displayed is the parameter that appears in the parentheses first (e.g., at index/index/error2 the error1 message is displayed). I've already tested the logic for determining the error type, so I know that is correct and believe it must have something to do with the above.
Any help is greatly appreciated!
This is a bit of an oddity for me. PHP is my forte, and I can normally figure out any issue I encounter.
I have a custom framework that I have been using for years. I have taken it upon myself to rewrite it, and I'm doing everything essentially the same that I was before. The problem lies in the following construct:
function ModPages_GetPage() {
$page = ModPages_GetPageByName($_GET['page_name']);
if($page != false) {
include(TPL_DIR.'pages/pages.view.php');
} else {
ErrorMessage('Invalid Page', 'The selected page could not be found.');
}
}
function ModPages_GetPageByName($page_name = null) {
$db = new Database;
$query = '
SELECT *
FROM pages
WHERE page_name = "'.CleanStr($page_name).'"
AND page_enabled = "yes"
LIMIT 1
';
$page = $db->GetRow($query);
return $page;
}
This code is being called with 'home' for the value of $_GET['page_name']. The call to ModPages_GetPageByName() is working fine, but the value of $page in ModPages_GetPage() isn't getting set. Matter of fact, any debugging statements thrown in after that call are failing to display anything.
I have display_errors set to on, and error_reporting set to E_ALL. I get a couple notices from my Database class, but that's it.
Running the script at a shell fails to produce any errors. When using strace, I do see the process spits out an 'exit_group(255)'.
This one has me quite baffled. I could sure use some direction on this.
I would think it's your query, shouldn't you just return the page name instead of star? as star (*) would return an array which is probably being passed back as the value? just my guess.
$query = '
SELECT *
FROM pages
WHERE page_name = "'.CleanStr($page_name).'"
AND page_enabled = "yes"
LIMIT 1
';
if you do a print_r on the $page return I would think it should be an array
$page = $db->GetRow($query);
echo "Page:<pre>".print_r($page,true)."</pre><br />\n";
Then maybe return something like this
return $page['page_name_field'];
ok before we get to a solution can we first make sure that before setting the $page variable, first just echo $_GET['page_name'] to see if there is a value being received.
PK
Does your script stop right after your database call, or just doesn't display any output?
If the first is true, then it looks like a fatal error. With E_ALL, it should be displayed, are you sure both display_errors and error_reporting are as you say at that point, and that the GetRow function doesn't alter them in any way? If so, maybe there's something in the Apache error log (PHP errors are sometimes logged there).
If the latter is true I'm thinking about an exception being thrown in a method that is being called, and caught in a higher level function. To check this you can put the database call (ie: the point where things go wrong) inside a try/catch block and see if you reach the catch block.
I would try following:
replace $_GET with $_REQUEST (maybe your form is using POST?)
do a print_r to check contents of your variables.
use mysql_error to view any errors, or print your mysql query in your browser, copy/paste it in phpmyadmin, is it returning anything? error.. data?
something similar happend to me once, my framework was encoded in ANSI and my calling php file was UTF8+BOM... I changed everything to UTF8+BOM and it worked.
try also different browser, I know it might not be a browser problem, but it might be that your script is cached somewhere.
are you using some caching? like eaccelerator?
Are those functions in a class? If so, you will need $page = $this->ModPages_GetPageByName().
Also I would echo out the argument and the sql statment in ModPages_GetPageByName(). This way you can verify that it isn't a SQL error.
I can't say for sure why your code isn't working, but I can make some suggestions that might help in locating the error.
The first thing I notice is you don't check that $db actually contains a valid database. I don't know the details of your Database object but I'm assuming there's some mechanism in there for checking if it's actually connected to the database. You should use that to determine if the database is connected before running queries on it.
$db = new Database ();
if ($db -> isConnected ())
{
$query = 'SELECT * (etc etc etc)';
// ...
}
else
{
// Put some kind of DB connection error notification or throw an exception here
}
Just on a stylistic note, you don't need to store the results of your DB lookup before returning it, unless you're planning on doing some processing on the result before returning it. You can just return the lookup directly. Of course that's just a stylistic choice, but it saves a line or two :)
return ($db->GetRow($query));
After you run your getpage function, I'd strongly recommend var_dump()ing the result. Even if your function returned NULL, you'll still see this in the var_dump. If in doubt, dump it out :). I'd also recommend installing xdebug to make the var_dump output more readable.
$page = ModPages_GetPageByName($_GET['page_name']);
var_dump ($page);
I would also strongly recommending var_dumping your query before you execute just to make absolutely sure that you're running the query you think you're running. Copy and paste the outputted query into sqlyog or phpmyadmin or whatever you use for interactive access to your database and make sure it returns what you think it should return.
Other things to check, is the page you're trying to return actually set page_enabled='yes'? Does the page_enabled column actually store the value as 'yes', or is it a bool or an integer or something else? Is magic quotes enabled or disabled? If they're in one state when you think they're in the other they can cause confusion. Are errors actually being reported to the browser? Add a line at the top of your script that's guaranteed to fail just to make sure, like an attempted foreach on an integer. If you don't see an error, then maybe error reporting isn't configured properly. I know those are obvious questions but I also know how easy it is to overlook the obvious if you're not getting what you expect out of a query.
Are you sure $page is not set, or is it just that your debug instructions don't print anything? Try logging to a file or a database instead; maybe your code triggered output buffering or something like that.
Also, you are calling ModPages_GetPageByName before declaring it. That is usually okay, but might not be in special circumstances (e.g. when the code is wrapped in an if block). Try swapping the two.
Also, check your environment and disable opcode caching and other possible error sources. APC for example can call the old version of the script long after you changed the PHP file.
While some of you have put extra effort into responding to this, nobody has been able to see the full picture, even given the details I have provided. I have been unable to trace the issue back to its source, but have moved on to a different project.