i'm creating a site for a client and i get an error message saying "undefined index". I'm trying to upload data to a database from 3 multi form pages and they are handled by cv.php.
The form details are stored on page 2
<?php
session_start();
if(isset($_SESSION['FirstName'])){
$_SESSION['FirstName'] = $_POST['FirstName'];}
if(isset($_SESSION['LastName'])){
$_SESSION['LastName'] = $_POST['LastName'];}
if(isset($_SESSION['dob'])){
$_SESSION['dob'] = $_POST['dob'];}
if(isset($_SESSION['Age'])){
$_SESSION['Age'] = $_POST['Age'];}
if(isset($_SESSION['AddressLine1'])){
$_SESSION['AddressLine1'] = $_POST['AddressLine1'];}
if(isset($_SESSION['AddressLine2'])){
$_SESSION['AddressLine2'] = $_POST['AddressLine2'];}
if(isset($_SESSION['City'])){
$_SESSION['City'] = $_POST['City'];}
if(isset($_SESSION['County'])){
$_SESSION['County'] = $_POST['County'];}
if(isset($_SESSION['PostCode'])){
$_SESSION['PostCode'] = $_POST['PostCode'];}
if(isset($_SESSION['Country'])){
$_SESSION['Country'] = $_POST['Country'];}
if(isset($_SESSION['Telephone'])){
$_SESSION['Telephone'] = $_POST['Telephone'];}
if(isset($_SESSION['Mobile'])){
$_SESSION['Mobile'] = $_POST['Mobile'];}
if(isset($_SESSION['Email'])){
$_SESSION['Email'] = $_POST['Email'];}
?>
Page 3
<?php
session_start();
if(isset($_SESSION['Skills'])) {
$_SESSION['Skills'] = $_POST['Skills'];}
if(isset($_SESSION['ReasonApp'])){
$_SESSION['ReasonApp'] = $_POST['ReasonApp'];}
if(isset($_SESSION['WorkName'])){
$_SESSION['WorkName'] = $_POST['WorkName'];}
if(isset($_SESSION['WorkDesc'])){
$_SESSION['WorkDesc'] = $_POST['WorkDesc'];}
if(isset($_SESSION['W_AddressLine1'])){
$_SESSION['W_AddressLine1'] = $_POST['W_AddressLine1'];}
if(isset($_SESSION['W_AddressLine2'])){
$_SESSION['W_AddressLine2'] = $_POST['W_AddressLine2'];}
if(isset($_SESSION['W_City'])){
$_SESSION['W_City'] = $_POST['W_City'];}
if(isset($_SESSION['W_Telephone'])){
$_SESSION['W_Telephone'] = $_POST['W_Telephone'];}
?>
And my CV.php
<?
session_start();
ini_set('display_errors',1);
error_reporting(E_ALL);
//include connection profile
require_once("Sql/con.php");
include("config.php");
//declare variables with sessions
$FirstName = $_SESSION['FirstName'];
$LastName = $_SESSION['LastName'];
$dob = $_SESSION['dob'];
$Age = $_SESSION['Age'];
$AddressLine1 = $_SESSION['AddressLine1'];
$AddressLine2 = $_SESSION['AddressLine2'];
$PostCode = $_SESSION['PostCode'];
$City = $_SESSION['City'];
$County = $_SESSION['County'];
$Country = $_SESSION['Country'];
$Mobile = $_SESSION['Mobile'];
$Telephone = $_SESSION['Telephone'];
$Email = $_SESSION['Email'];
$Skills = $_SESSION['Skills'];
$ReasonApp = $_SESSION['ReasonApp'];
$SchoolName = $_SESSION['SchoolName'];
$Course = $_SESSION['Course'];
$Certificate = $_SESSION['Certificate'];
$DateFrom = $_SESSION['DateFrom'];
$DateTo = $_SESSION['DateTo'];
$CollName = $_SESSION['CollName'];
$CollQualification = $_SESSION['CollQualification'];
$CollYear = $_SESSION['CollYear'];
$WorkName = $_SESSION['WorkName'];
$WorkDesc = $_SESSION['WorkDesc'];
$W_AddressLine1 = $_SESSION['W_AddressLine1'];
$W_AddressLine2 = $_SESSION['W_AddressLine2'];
$W_PostCode = $_SESSION['PostCode'];
$W_City = $_SESSION['City'];
$W_Telephone = $_SESSION['Telephone'];
//database connection
$dblink = mysqli_connect($mysql_host,$mysql_user,$mysql_pw,$mysql_db) OR DIE ("Unable to
connect to database! Please try again later.");
//inserting information into tables
$order = "INSERT INTO CV_personal
(FirstName,LastName,dob,Age,AddressLine1,AddressLine2,PostCode,City,County,Country,Mobile,Telephone,Email,Skills,ReasonApp,SchoolName,Course,Certificate,DateFrom,DateTo,CollName,CollQualification,CollYear,WorkName,WorkDesc,W_AddressLine1,W_AddressLine2,W_City,W_Telephone)
VALUES
('$FirstName',
'$LastName',
'$dob',
'$Age',
'$AddressLine1',
'$AddressLine2',
'$PostCode',
'$City',
'$County',
'$Country',
'$Mobile',
'$Telephone',
'$Email',
'$Skills',
'$ReasonApp',
'$SchoolName',
'$Course',
'$Certificate',
'$DateFrom',
'$DateTo',
'$CollName',
'$$CollQualification',
'$ColYear',
'$WorkName',
'$WorkDesc',
'$W_AddressLine1',
'$W_AddressLine2',
'$W_PostCode',
'$W_City',
'$W_Telephone',)";
//declare in the order variable
$result = mysqli_query($dblink, $order); //order executes
?>
On my final page do i need to had my form into the session because i declared a variable for them on Cv.php ?
Thank you
In your first two blocks of code, you should be checking if the $_POST[...] is set, not the $_SESSION[...] because that it what you are assigning, so it won't cause an error.
On CV.php you should check whether the $_SESSION[...] exists before assigning it to a variable or else it WILL cause an error.
Tip:
If you are going to name your variables exactly the name of all your keys in the $_SESSION array. You can just substitute you many lines with this single line:
extract($_SESSION);
More on extract: http://www.php.net/extract
Related
I am wanting to keep a table log history of executed MySQLI queries and log the specific user who executed a query and date & time the query was executed - on any (all) of my PHP pages.
What is the best way and simplest way to achieve this?
PHP
session_start();
if(!isset($_SESSION["username"])){
header("Location: login.php");
exit(); }
$connection = mysqli_connect("****", "****", "****", "****");
if (!$connection) {
die("Database connection failed: " . mysqli_connect_error());
}
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
Recommendation from a SO user:
However, there are errors with this suggestion ...many.
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$log_action = mysqli_query($connection,$query);
$result = mysqli_query($connection,$query);
if($result) {
define("LOG_FILE", "https://www.*******.com/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
Write a wrapper library that logs all the mysqli calls that you want to record, e.g.
function my_mysqli_query($link, $query, $resultmode = MYSQLI_STORE_RESULT) {
log_action('mysqli_query', $query);
return mysqli_query($link, $query, $resultmode);
}
function my_mysqli_prepare($link, $query) {
log_action('mysqli_prepare', $query);
return mysqli_prepare($link, $query);
}
...
define("LOG_FILE", "/path/to/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
I've written it to log to a file. You could log to a database table instead, it's just more code in log_action().
Then do a global replace in all your other scripts, replacing mysqli_query with my_mysqli_query, mysqli_prepare with my_mysqli_prepare, and so on. So your code would look like:
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$result = my_mysqli_query($connection,$query);
if ($result) {
echo "Update successful";
}
}
I have the error mentioned in the title. It occurs when I click the submit button on the form. Here is my form handle file (I don't think that its necessary to copy the form codes):
<?php
$servername = "localhost";
$username = "sabashel_sabaadm";
$password = "saba1365%karaj#*";
$dbname = "sabashel_saba";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$fname = $lname = $gender = $birthdate = $organization = $degree = $field = $address = $post_code = $mobile = $email = $check_1 = $check_2 = $check_3 = $check_4 = $check_5 = $check_6 = $check_7 = $check_8 "";
$check_9 = $check_10 = $check_11 = $check_12 = $check_13 = $description = $person_image = "";
if(isset($_POST['fname']) && isset($_POST['lname']) && isset($_POST['gender']) && isset($_POST['birthdate']) && isset($_POST['degree']) && isset($_POST['filed-of-study']) && isset($_POST['address']) && isset($_POST['post-code']) && isset($_POST['mobile']) && isset($_POST['email']) && isset($_POST['check-1']) && isset($_POST['check-2']) && isset($_POST['check-3']) && isset($_POST['check-4']) && isset($_POST['check-5']) && isset($_POST['check-6']) && isset($_POST['check-7']) && isset($_POST['check-8']) && isset($_POST['check-9']) && isset($_POST['check-10']) && isset($_POST['check-11']) && isset($_POST['check-12']) && isset($_POST['check-13']) && isset($_POST['description']) && isset($_POST['person-iamge'])){
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$gender = $_POST['gender'];
$birthdate = $_POST['birdthdate'];
$organization = $_POST['organization'];
$degree = $_POST['degree'];
$field = $_POST['field-of-study'];
$address = $_POST['address'];
$post_code = $_POST['post-code'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$check_1 = $_POST['check-1'];
$check_2 = $_POST['check-2'];
$check_3 = $_POST['check-3'];
$check_4 = $_POST['check-4'];
$check_5 = $_POST['check-5'];
$check_6 = $_POST['check-6'];
$check_7 = $_POST['check-7'];
$check_8 = $_POST['check-8'];
$check_9 = $_POST['check-9'];
$check_10 = $_POST['check-10'];
$check_11 = $_POST['check-11'];
$check_12 = $_POST['check-12'];
$check_13 = $_POST['check-13'];
$description = $_POST['description'];
$person_image = $_POST['person-image'];
$iftest = true;
}
if ($iftest == true) {
$query = "INSERT INTO volunteer (fname, lname, gender, organization, degree, field, address, post_code, mobile, email, check_1, check_2, check_3, check_4, check_5, check_6, check_7, check_8, check_9, check_10, check_11, check_12, check_13, description, person_image, birthdate) VALUES ('$fname', '$lname', '$gender', '$organization', '$degree', '$field', '$address', '$post_code', '$mobile', '$email', '$check_1', '$check_2', '$check_3', '$check_4', '$check_5', '$check_6', '$check_7', '$check_8', '$check_9', '$check_10', '$check_11', '$check_12', '$check_13', '$description', '$person_image', '$birthdate')";
}
$result = mysqli_query($conn, $query);
if ($result) {
header('Location: http://sabashelter.com/success');
}
else {
header('Location: http://sabashelter.com/fail');
}
}
$conn->close();
?>
And to mention: I have the same exact problem with another page which does the same thing and tries to add a lot of values into the database using the same code. I'm wondering if the problem in this page solves, the same method can be done to the other page as well.
As #CBroe rightly says, check your log files first. It would appear that you are missing an = on line 14.
$fname = $lname = $gender = $birthdate = $organization = $degree = $field = $address = $post_code = $mobile = $email = $check_1 = $check_2 = $check_3 = $check_4 = $check_5 = $check_6 = $check_7 = $check_8 = "";
Furthermore, you have a stray } on line 60.
Your error log file will help you resolve these issues.
I have made a register form with php and mysql. It works only if it is introduced diffrent name of user each time. How can i rezolve that? because sometimes i want to insert the same name in the database.
My code:
require('connect.php');
if (isset($_POST['adresa'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$adresa = $_POST['adresa'];
$judet = $_POST['judet'];
$telefon = $_POST['telefon'];
$localitate = $_POST['localitate'];
$bon = $_POST['bon'];
$date = $_POST['date'];
$premiu = $_POST['premiu'];
$query = "INSERT INTO user (username, adresa, email,judet,telefon,localitate,bon,date,premiu,acord) VALUES ('$username', '$adresa', '$email','$judet','$telefon','$localitate','$bon','$date','$premiu','$acord')";
$result = mysql_query($query);
}
Use for check user name existence
<?php
require('connect.php');
if (isset($_POST['adresa'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$adresa = $_POST['adresa'];
$judet = $_POST['judet'];
$telefon = $_POST['telefon'];
$localitate = $_POST['localitate'];
$bon = $_POST['bon'];
$date = $_POST['date'];
$premiu = $_POST['premiu'];
$chk_query = mysql_query("Select (username) from user where username=$username");
$num = mysql_num_rows($chk_query);
if($num < 1)
{
$query = "INSERT INTO user (username, adresa, email,judet,telefon,localitate,bon,date,premiu,acord) VALUES ('$username', '$adresa', '$email','$judet','$telefon','$localitate','$bon','$date','$premiu','$acord')";
$result = mysql_query($query);
}
else { echo "User name exist"; }
}
?>
If you can't insert multiple users with the same name to the database then the username field must have been flagged as UNIQUE at table declaration.
To remove this restriction use DROP INDEX
Note that, if the username field is a primary key you will need to drop the primary key and introduce another, a BIGINT for example (Best option).
IMPORTANT : mysql_ functions are deprecated and you should stop using them. Use mysqli_ or PDO instead
I have a registration form that the user enters data in. Then after it is posted to the same page and checked for null fields, the variables are put in the $_SESSION array and the user is directed to another form to enter another set of data in a table. After posting those variables, the variables from the previous page are extracted from $_SESSION and the new values are checked for null entries. After they are checked in a for loop, php script mysteriously stops (die("<h1> GOT HERE! </h1>") no longer appears on the screen) and the page keeps loading. After waiting for a while the page reloads itself.
I've been using die() for a while now to find the error, but it just doesn't echo between the for-loop and the if statement, and there is no apparent reason why it shouldn't. Here have a look:
<?php
session_start();
function sanitize($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if($_SESSION["registering"] != 1){
die("This page is to be used only when registering. Go to home page and select the seminar you want and click Register");
}else if($_SESSION["registered"] == 1){
die("You have already registered. Thank you. You can no longer access this page. To view your registration report, click here. ");
}else{
$id = sanitize($_SESSION["id"]);
$attendees = sanitize($_SESSION["attendees"]);
$ref_code = sanitize($_SESSION["Ref_Code"]);
$email = sanitize($_SESSION["email"]);
$prefix = sanitize($_SESSION["prefix"]);
$first_name = sanitize($_SESSION["first_name"]);
$last_name = sanitize($_SESSION["last_name"]);
$company = sanitize($_SESSION["company"]);
$address1 = sanitize($_SESSION["address1"]);
$address2 = sanitize($_SESSION["address2"]);
$user_city = sanitize($_SESSION["city"]);
$phone = sanitize($_SESSION["phone"]);
$responsibility = sanitize($_SESSION["responsibility"]);
$who_referred = sanitize($_SESSION["who-referred"]);
$role = sanitize($_SESSION["role"]);
$server = "MYREAL_DATABASE_SERVER";
$username = "CORRECT_USERNAME";
$password = "CORRECT_PASSWORD";
$dbname = "DB_NAME";
$conn = new mysqli($server, $username, $password, $dbname);
$query = "
SELECT *
FROM Seminar_Detail
WHERE Detail_id = '". $id ."'
";
$result = $conn->query($query);
if($result->num_rows == 0 ){
header("Location: ManagementSeminars.php");
}
$seminar = $result->fetch_assoc();
$name = $seminar["Seminar_Name"];
$city = $seminar["City"];
$from = $seminar["From"];
$to = $seminar["To"];
$fee = '';
$query = "SELECT Value FROM Fee WHERE Seminar_Name = '". $name ."' AND Currency = 'GBP'";
$result = $conn->query($query);
if($result->num_rows > 0){
$row = $result->fetch_assoc();
$fee = $row["Value"];
}
if($_SERVER["REQUEST_METHOD"] == "POST"){
$terminate = 0;
for($i = 1; i < ($attendees + 1); $i++){
if(isset($_POST["prefix-".$i]) && isset($_POST["first_name-".$i]) && isset($_POST["last_name-".$i]) && isset($_POST["position-".$i])){
$terminate = 0;
}else{
$terminate = 1;
}
}
die("<h1>".$terminate."</h1>");
if($terminate != 1){
$server = "SERVER";
$username = "USERNAME";
$password = "PASSWORD";
$dbname = "DBNAME";
$conn = new mysqli($server, $username, $password, $dbname);
$query = "
INSERT INTO Registry (Seminar_Name, Number_Attendees, Email, Prefix, First_Name, Last_Name, Company, `Address 1`, `Address 2`, City, Phone, Responsibility, Role, Who_Referred, Ref_Code)
VALUES ('". $name ."', '". $attendees ."', '".$email."', '".$prefix."', '".$first_name."', '".$last_name."', '".$company."', '".$address1."', '".$address2."', '".$user_city."', '".$phone."', '".$responsibility."', '".$role."', '".$who_referred."', '".$ref_code."')
";
$conn->query($query);
//ignore this part please
/*$query = "SELECT Registry_ID FROM Registry WHERE Ref_Code = '". $_SESSION["Ref_Code"] ."'";
$result = $conn->query($query);
$row = $result->fetch_assoc();
$registry_id = $row["Registry_ID"];
$attendee_first_name = "";
$attendee_last_name = "";
$attendee_position = "";
$stmt = $conn->prepare("
INSERT INTO Attendee (First_Name, Last_Name, Position, Registry_ID)
Values (?, ?, ?, ?)
");
$stmt->bindParam("ssss", $attendee_first_name, $attendee_last_name, $attendee_position, $registry_id);
for($i = 1; $i < $_SESSION["attendees"] + 1; $i++){
$attendee_first_name = sanitize($_POST["first_name-".$i]);
$attendee_last_name = sanitize($_POST["last_name-".$i]);
$attendee_position = sanitize($_POST["position-".$i]);
$stmt->execute();
}*/
}else{
$errorMessage = "<div class='alert alert-danger alert-dismissable'>
<strong>Oops!</strong> You have not entered all values.
</div>";
}
}
}
?>
I am positive that it is not a syntax error. Any help is appreciated!
The problem might be in this line
for($i = 1; i < ($attendees + 1); $i++){
You missed $ sign in i. It should be:
for($i = 1; $i < ($attendees + 1); $i++){
Having used error reporting, would have signaled an undefined constant i notice.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
So I am creating a forum and currently working on the sign up script. I have the sign up form in the signup.php page and the processing part in the signup_process.php
I have an issue where only a current user is able to sign up a new user when they are signed in, any suggestions on how to fix this. I am not able to sign up a new user when I am not logged in as a current one.
Below is my signup_process.php page:
<?php
include "includes/pagetop.php";
include "includes/header.php";
include "includes/nav.php";
?>
<?php
$_SESSION['username'] = $_POST['username'];
$_SESSION['fname'] = $_POST['fname'];
$_SESSION['surname'] = $_POST['surname'];
$_SESSION['dob'] = $_POST['dob'];
$_SESSION['emailaddress'] = $_POST['emailaddress'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['gender'] = $_POST['gender'];
$_SESSION['city'] = $_POST['city'];
$_SESSION['sports'] = $_POST['sports'];
$username = $_POST['username'];
$fname = $_POST['fname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$emailaddress = $_POST['emailaddress'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$city = $_POST['city'];
$query = "INSERT INTO user
(
user_username,
user_firstname,
user_surname,
user_dob,
user_email,
user_password,
user_gender,
user_city,
user_active
)
VALUES(
'".$_POST['username']."',
'".$_POST['firstname']."',
'".$_POST['surname']."',
'".$_POST['dob']."',
'".$_POST['email']."',
'".$_POST['password']."',
'".$_POST['gender']."',
'".$_POST['city']."',
'1'
) ";
mysql_query($query) or die (mysql_error());
$lastid = mysql_insert_id();
$sports = $_POST['sports'];
foreach ($sports as $key => $value){
$query2 = " INSERT INTO usersport
(
usersport_user_id,
usersport_sport_id
)
VALUES(
'".$lastid."',
'".$value."'
)";
mysql_query($query2) or die (mysql_error());
}
?>
If you are talking about inserting duplicate users, you could solve this making on the database a primary key on username and an unique index on emailaddress.
If you are talking about the sign up page being served while a user is currently authenticated, you could create a session variable that is set to true when the current user authenticates into the system. Them you could check if this variable is false to serve the sign up page, or give a error otherwise.
And you have a sql injection vulnerability in your code, you should consider using prepared statements instead of plain text.