PHP "Use of undefined constant" from $_POST

Question

New at this but have searched without success. I get the following errors on my script:

"Notice: Use of undefined constant sStatus - assumed 'sStatus' in"...

and

"Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in"...

I'm hoping the later is due to the first issue. Please let me know if you need more of the code, but the parts it relates to are:

line31:

$sStatus = $_POST['sStatus'];

and lines 43 through 53:

if (sStatus == "all")
{
    $query="SELECT * FROM tickets WHERE RequestBy='$sName'";
}
else
{
    $query="SELECT * FROM tickets WHERE RequestBy='$sName' AND Status='$sStatus";
}
//put query in result and count rows ready to loop for table display
$result=mysql_query($query);
$num=mysql_numrows($result);

sStatus gets pulled from a form on the homepage and is either "0", "1" or "all. The same variable gets used further down in the script with an if to changed "0" or "1" to "open" or "closed" successfully.

Any help most appreciated. Martin

possible duplicate of [What does the PHP error message "Notice: Use of undefined constant" mean?](http://stackoverflow.com/questions/2941169/what-does-the-php-error-message-notice-use-of-undefined-constant-mean) — John Conde, Feb 25 '13 at 12:53
you forgot the $ in this line `if (sStatus == "all")` on sStatus — Tim Joyce, Feb 25 '13 at 12:55
You're also missing a single quote at the end of the second query. — Rickard Andersson, Feb 25 '13 at 12:55
You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Feb 25 '13 at 12:56

Prasanth Bendra · Accepted Answer · 2013-02-25T13:00:14.763

1

Change $sStatus = $_POST['sStatus']; to : $sStatus = isset($_POST['sStatus'])?$_POST['sStatus']:"";

Change if (sStatus == "all") to if ($sStatus == "all") => missing $

Change $num=mysql_numrows($result); to $num=mysql_num_rows($result);

edited Feb 25 '13 at 13:00

answered Feb 25 '13 at 12:55

Prasanth Bendra

31,145
9
53
73

thank you all very much for your help. Very embarrassing that they were effectively typos and not lack of knowledge, sorry for being so daft, but thank you for putting back on the right path. – user2107279 Feb 25 '13 at 13:40

score 0 · Answer 2 · answered Feb 25 '13 at 12:55

Error 1:

Usage of sStatus instead of $sStatus in line 43.

Error 2:

The function is called mysql_num_rows().

And on a side note: Please do not use mysql_* functions. Use PDO instead, especially for prepared statements, which will improve the security of your application as well.

score 0 · Answer 3 · answered Feb 25 '13 at 12:55

0

You are missing a "$":

if ($sStatus == "all")

That should get rid of the warning. Also, you are missing a single quote in the second query:

$query="SELECT * FROM tickets WHERE RequestBy='$sName' AND Status='$sStatus'";

Hope this helps.

answered Feb 25 '13 at 12:55

GarethL

1,473
1
15
16

score 0 · Answer 4 · answered Feb 25 '13 at 12:57

 if ($sStatus == "all")
 {
  $query="SELECT * FROM tickets WHERE RequestBy='$sName'";
 }
else
{
$query="SELECT * FROM tickets WHERE RequestBy='$sName' AND Status='$sStatus";
}

you are missing $sStatus "$", that's why it is assuming it as a constant. and i do agree, you should use the PHP PDO Object for Database manipulation, it makes queries very easy to work with..

PHP "Use of undefined constant" from $_POST

4 Answers4