
I hope that I describe my problem properly. I have created a database for a cafeteria. It has the following tables: orders, members ISA manager and servers, products and categories. In the table orders I should insert features such as title, quantity, datetime, sum and user name of the corresponding server. I've managed to do so via PHP in my files posted before in this forum (follow the link: Insert data from textbox and checkbox into database).

The web environment so far consists of: a) index.php, members.php (these files are responsible for the login and the authentication of any kind of user, either the administrator or servers); b) addorder_form.php and addorder.php for the order form and the insertion of the order details into the database. I cannot make my system print the username of each server for each order. I tried something like this but I've got the error of undefined index username:

    <?php
    session_start();
    include_once("buzzcafe_fns.php");
    include_once("members.php");
    do_html_header("");

    $conn = mysql_connect("localhost", "root", "");
    $db = mysql_select_db("buzzcafe", $conn);
    db_connect();
    // Only handle the order when a user is logged in
    if (isset($_SESSION['username'])) {
        if (isset($_POST['products'])) {
            if (isset($_POST['quantity'])) {
                foreach ($_POST['products'] as $key => $products) {
                    $quantity = isset($_POST['quantity'][$key]) ? $_POST['quantity'][$key] : 'Not selected';
                    date_default_timezone_set('Europe/Athens');
                    $date = date('Y-m-d H:i:s');
                    $message[] = $products.' - x'.$quantity;
                    // Query built by string concatenation, as originally posted
                    $insertOrder = mysql_query("INSERT INTO orders (datetime,title,quantity,username) VALUES('".$date."','".$products."','".$quantity."', '".$_SESSION['username']."')") or die(mysql_error());
                    echo $_SESSION['username'];
                }
                echo implode(',', $message);
                echo "<br/>";
                echo "<br />Record inserted";
                echo "<br/>";
                echo $date;
            }
            else { echo "You did not choose a quantity."; }
        } else { echo "You did not choose any product."; }
    }
    ?>

Why is username undefined?

A part of members.php:

  <?php 
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        if ((!$username) || (!$password)) {
            do_html_header('');

            echo '<h3 style="color:#800000;">Please fill in both fields</h3><br><br></br></br>';
            display_login_form();
        }       
        else {
        $sql = mysql_query('SELECT * FROM members WHERE username="'.$_POST['username'].'" AND password=sha1("'.$_POST['password'].'")') or die(mysql_error());
        $login_check_member = mysql_num_rows($sql);
        if($login_check_member > 0) {
                 while($row = mysql_fetch_array($sql)) {
                    $role = $row["role"];
                    $_SESSION['role'] = $role;
                    $us = $row["username"];
                    $_SESSION['username'] = $us; 
                    $username = $_SESSION['username'];
                }
            }

I include this file in my addorder.php file.

Suspicius
  • Do you set the username in a session anywhere? – Darren Sep 25 '13 at 13:09
  • Please don't use any mysql_* functions as they are deprecated. Consider using [PDO](http://be1.php.net/pdo) or [MySQLi](http://php.net/manual/en/book.mysqli.php) – DarkBee Sep 25 '13 at 13:24
  • **By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. – Andy Lester Sep 25 '13 at 13:26
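
The parameterized-query approach recommended in the comments above, applied to this page's login lookup and order insert. This is an added example, not code from the original thread; it assumes PDO with an in-memory SQLite database so that it runs without a server, and the functions `find_member` and `add_order` and the sample rows are hypothetical.

```php
<?php
// Added example: schema and sample rows are constructed for illustration.
// Assumption: pdo_sqlite is available; with MySQL only the DSN changes,
// e.g. new PDO('mysql:host=localhost;dbname=buzzcafe;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT, role TEXT)');
$pdo->exec('CREATE TABLE orders (datetime TEXT, title TEXT, quantity INTEGER, username TEXT)');

// Constructed member whose name contains a single quote.
$seed = $pdo->prepare('INSERT INTO members (username, password, role) VALUES (?, ?, ?)');
$seed->execute(["O'Malley", sha1('secret'), 'server']);

// Login lookup: user input is bound, never concatenated into the SQL text.
function find_member(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT username, role FROM members WHERE username = :u AND password = :p'
    );
    // sha1() is kept only to match the members table shown on this page.
    $stmt->execute([':u' => $username, ':p' => sha1($password)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Order insert: one prepared statement reused for every selected product.
function add_order(PDO $pdo, array $products, array $quantities, string $username): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO orders (datetime, title, quantity, username) VALUES (?, ?, ?, ?)'
    );
    $now = date('Y-m-d H:i:s');
    $count = 0;
    foreach ($products as $key => $title) {
        $qty = filter_var($quantities[$key] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
        if ($qty === false) { continue; } // skip rows without a valid quantity
        $stmt->execute([$now, $title, $qty, $username]);
        $count++;
    }
    return $count;
}

$member = find_member($pdo, "O'Malley", 'secret');
if ($member !== null) {
    // The username comes from the authenticated row, not from the request.
    $n = add_order($pdo, ['Espresso', "Baker's dozen"], ['2', '1'], $member['username']);
    echo "$n rows inserted for {$member['username']}\n";
}
```

Values containing quotes, such as the "O'Malley" case from the comment, are stored as data because they travel separately from the SQL text.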

1 Answer

Probably because it's not defined?

Seems people are a little more concerned about your SQL than anything -- but this may help you in the actual question.

Throw this in there before them nested conditions:

    // isset() tests whether the session key exists;
    // defined() only checks named constants.
    if (isset($_SESSION['username'])) {
        echo 'Username is defined!';
    }
    else {
        die('Username is undefined!');
    }

Stephen Lake
  • I did it and as you said is undefined. – Suspicius Sep 25 '13 at 13:28
  • So what does that tell you? Somewhere, wherever you are defining it's either being set to NULL, FALSE or not being defined at all. I'd suggest playing around with this piece of code... Move it around where you're defining variables. I'm pretty sure you'll figure it out. – Stephen Lake Sep 25 '13 at 13:33