php Comments section on my website

Question

I have a problem with lines 4,5,6, everything works fine and the data is being sent to the database as well as outputting the results but i am getting this message when loading the page.

Undefined index: name in C:\xampp\htdocs\xampp\site\comment.php on line 4

Notice: Undefined index: comment in C:\xampp\htdocs\xampp\site\comment.php on line 5

Notice: Undefined index: submit in C:\xampp\htdocs\xampp\site\comment.php on line 6

Thanks again and any help would be much appreciated :) here is the code and thank you very much to anyone who can help me in advance

<?php
mysql_connect("localhost","root","");
mysql_select_db("commentbox");

$name= $_POST["name"];
$comment= $_POST["comment"];
$submit= $_POST["submit"];

$dbLink = mysql_connect("localhost", "root", "Broadband74");
    mysql_query("SET character_set_client=utf8", $dbLink);
    mysql_query("SET character_set_connection=utf8", $dbLink);

if($submit)
{
    if($name&&$comment)
    {
        mysql_query("INSERT INTO commenttable (name,comment) VALUES ('$name','$comment') ");
    }
    else
    {
        echo "please fill out all fields";
    }
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Comment box</title>
</head>

<body>
<center>
<form action="comment.php" method="POST">
<table>
<tr><td>Name: <br><input type="text" name="name"/></td></tr>
<tr><td colspan="2">Comment: </td></tr>
<tr><td colspan="5"><textarea name="comment" rows="10" cols="50"></textarea></td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Comment"></td></tr>
</table>
</form>
<?php
$dbLink = mysql_connect("localhost", "root", "");
    mysql_query("SET character_set_results=utf8", $dbLink);
    mb_language('uni');
    mb_internal_encoding('UTF-8');

$getquery=mysql_query("SELECT * FROM commenttable ORDER BY id DESC");
while($rows=mysql_fetch_assoc($getquery))
{
    $id=$rows["id"];
    $name=$rows["name"];
    $comment=$rows["comment"];
    echo $name . '<br/>' . '<br/>' . $comment . '<br/>' . '<br/>' . '<hr size="1"/>'
;}
?>

</body>
</html>

please use `isset()` like: $name = isset($_POST['name'])? $_POST['name'] : null; — Benz, Jul 24 '13 at 15:00
Are you *actually* getting the inputs? Use `isset()` to check! — Amal Murali, Jul 24 '13 at 15:01
The PHP code at the top of the page is running when it's first loaded. Because the form hasn't yet been submitted, the variables it's looking for in $_POST aren't yet set. You should wrap the whole thing in an `if` to see if the form has been submitted; and check that each parameter has been set when you assign them to variables. — andrewsi, Jul 24 '13 at 15:02
*PSA:* The `mysql_*` functions are [deprecated in PHP 5.5](http://php.net/manual/en/faq.databases.php#faq.databases.mysql.deprecated). It is not recommended for writing new code as it will prevent you from upgrading in the future. Instead, use either [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) and [be a better PHP Developer](http://jason.pureconcepts.net/2012/08/better-php-developer/). — Jason McCreary, Jul 24 '13 at 15:03
Just what @andrewsi says, move line 4,5,6 to your if($submit) and replace $submit with $_POST['submit'] — Ahmad, Jul 24 '13 at 15:08
**Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, May 20 '14 at 06:16

score 0 · Answer 1 · answered Jul 24 '13 at 15:03

<?php
mysql_connect("localhost","root","");
mysql_select_db("commentbox");

if(isset($_POST["name"]){
$name= $_POST["name"];
}
if(isset($_POST["comment"]){
$comment= $_POST["comment"];
}
if(isset($_POST["submit"]){
$submit= $_POST["submit"];
}

$dbLink = mysql_connect("localhost", "root", "Broadband74");
    mysql_query("SET character_set_client=utf8", $dbLink);
    mysql_query("SET character_set_connection=utf8", $dbLink);

if($submit)
{
if($name&&$comment)
{
mysql_query("INSERT INTO commenttable (name,comment) VALUES ('$name','$comment') ");
}
else
{
echo "please fill out all fields";
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Comment box</title>
</head>

<body>
<center>
<form action="comment.php" method="POST">
<table>
<tr><td>Name: <br><input type="text" name="name"/></td></tr>
<tr><td colspan="2">Comment: </td></tr>
<tr><td colspan="5"><textarea name="comment" rows="10" cols="50"></textarea></td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Comment"></td></tr>
</table>
</form>
<?php
$dbLink = mysql_connect("localhost", "root", "");
    mysql_query("SET character_set_results=utf8", $dbLink);
    mb_language('uni');
    mb_internal_encoding('UTF-8');

$getquery=mysql_query("SELECT * FROM commenttable ORDER BY id DESC");
while($rows=mysql_fetch_assoc($getquery))
{
$id=$rows["id"];
$name=$rows["name"];
$comment=$rows["comment"];
echo $name . '<br/>' . '<br/>' . $comment . '<br/>' . '<br/>' . '<hr size="1"/>'
;}
?>

</body>
</html>

Why not just do the logic inside the `if` block? You also need to be checking if it's `empty`. — Kermit, Jul 24 '13 at 15:06

score 0 · Answer 2 · answered Jul 24 '13 at 15:04

0

When you first load the page there is no POST data bound to the request yet, so it's failing until the form is submitted. You could either check if the values are set using isset(), you could handle the error explicitly:

http://php.net/manual/en/language.exceptions.php

Or, you could put the form and the code to handle it on different pages.

answered Jul 24 '13 at 15:04

noah

424
1
4
10

Thank you so much,i put the form and the code to handle it on different forms and it works absolutely fine, this explains why i couldnt find a problem as i was looking for spelling mistakes :) – user2614834 Jul 24 '13 at 15:23

score 0 · Answer 3 · answered Jul 24 '13 at 15:05

You need to be using parameters with a either mysqli_ or PDO functions, but:

<?php
mysql_connect("localhost","root","");
mysql_select_db("commentbox");

$dbLink = mysql_connect("localhost", "root", "Broadband74");
    mysql_query("SET character_set_client=utf8", $dbLink);
    mysql_query("SET character_set_connection=utf8", $dbLink);

if($_POST["submit"])
{
    if( (isset($_POST["name"]) && !empty($_POST["name"])) &&
        (isset($_POST["comment"]) && !empty($_POST["name"])) )
    {
        $name= $_POST["name"];
        $comment= $_POST["comment"];
        mysql_query("INSERT INTO commenttable (name,comment) VALUES ('$name','$comment') ");
    }
    else
    {
        echo "please fill out all fields";
    }
}

score 0 · Answer 4 · answered Jul 24 '13 at 15:06

You have to check if your form was submitted before:

if(isset($_POST['submit']))
{    
    mysql_connect("localhost","root","");
    mysql_select_db("commentbox");

    $name= $_POST["name"];
    $comment= $_POST["comment"];
    $submit= $_POST["submit"];

    $dbLink = mysql_connect("localhost", "root", "Broadband74");
    mysql_query("SET character_set_client=utf8", $dbLink);
    mysql_query("SET character_set_connection=utf8", $dbLink);

    if($name&&$comment)
    {
        mysql_query("INSERT INTO commenttable (name,comment) VALUES ('$name','$comment') ");
    }
    else
    {
        echo "please fill out all fields";
    }
}

score 0 · Answer 5 · answered Jul 24 '13 at 15:07

Your PHP code is being executed every time the page is loaded. On the first load, the form inputs aren't given, and those values are unset. But your script tries to use $_POST['field'] and since PHP doesn't know about those fields, it just throws an Undefined Index error.

The solution to this issue is actually very simple. Use isset():

<?php

if(isset($_POST['submit']) { //checking if form was submitted

mysql_connect("localhost","root","");
mysql_select_db("commentbox");

$name = isset($_POST['name']) ? $_POST['name'] : null; 
$comment= isset($_POST['comment']) ? $_POST['comment'] : null; 
$submit= isset($_POST["submit"]) ? $_POST["submit"] : null;

$dbLink = mysql_connect("localhost", "root", "Broadband74");
    mysql_query("SET character_set_client=utf8", $dbLink);
    mysql_query("SET character_set_connection=utf8", $dbLink);

if($submit)
{
    if($name&&$comment)
    {
        mysql_query("INSERT INTO commenttable (name,comment) VALUES ('$name','$comment') ");
    }
    else
    {
        echo "please fill out all fields";
    }
}
?>

php Comments section on my website

5 Answers5