Insert data into mysql database

Question

Im trying to insert data into my mysql databse. It succesfully inserts the data but the problem is everytime i load the page i recieve the following error.

   Notice: Undefined index: comment in 
   C:\wamp\www\CMS\addnews.php on line 42
   Call Stack
   #    Time    Memory  Function    Location
   1    0.0004  674184  {main}( )   ..\addnews.php:0

Im aware that the mysql extension is offically depreciated so please dont comment on that.

Here's my code

               <form id="insNews" name="insNews" method="POST" action="addnews.php">


                           <textarea rows="20" cols="90" name="comment"></textarea>
                           <input type="submit" name="InsertNews" id="InsertNews">
                       <?php
                          include 'db.php';
                          $comment=$_POST['comment']; // **ERROR HERE**
                          $tablename="news";
                          $sql="INSERT INTO $tablename(news_content)VALUES('$comment')";

                             if(isset($_POST['InsertNews'])) 
                             {
                             mysql_query($sql);
                            }

                      ?>

Answer 1

This means $_POST['comment'] has not been defined. In other words, a value for the field named comment has not been submitted by your form.

So you either:

1. Need to throw an error to your user and tell them comment is a required field and make sure a value is provided before submitting it to the database

2. Check to see if there is a value before assigning it to a variable. And if there is not, assign a default value.

FYI, Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

You also wide open to SQL injections

Answer 2

You appear to be trying to read data from your form when you generate the HTML document containing the form.

Since the form won't have been submitted at this time, the data won't be there.

You can either:

1. Move your form processing to a different script and set the URI for that script in the action
2. Branch your logic within the existing script. Test to see if the request method was POST, then decide if you want to process the form data and/or display the form based on that.

Either way, test to see if the array keys exist before trying to read them. If they don't, provide your own error state rather then checking a raw PHP error at the user.

Answer 3

you will have to check if $_POST['comment'] is successful and then execute the query

if isset($_POST['comment']){
$comment=$_POST['comment'];
$tablename="news";
$sql="INSERT INTO $tablename(news_content)VALUES('$comment')";

     mysql_query($sql);

}

Answer 4

You must check if variable exists.

<form id="insNews" name="insNews" method="POST" action="addnews.php">
    <textarea rows="20" cols="90" name="comment"></textarea>
    <input type="submit" name="InsertNews" id="InsertNews">
</form>

<?php
include 'db.php';
if (!empty($_POST['comment'])) {
    $comment   = $_POST['comment']; // **ERROR HERE**
    $tablename = "news";
    $sql="INSERT INTO $tablename(news_content)VALUES('" . mysql_real_escape_string($comment) . "')";

    if(isset($_POST['InsertNews'])) 
    {
        mysql_query($sql);
    }
}

?>

But I want to inform you that mysql_* lib is deprecated. Use PDO or mysqli instead this. Also, be care about Sql injection, if you want to use mysql_* functions, use mysql_real_escape_string.