-1

So I have a problem with my guestbook, hope you could find my mistake...

This is my form:

<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<link rel="stylesheet" href="styles.css">
<title> - Contact me | USA </title>
</head>
<body>
<form method="post" action="addguestbook.php">
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>Atsiliepimų knyga </strong></td>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form id="form1" name="form1" method="post" action="addguestbook.php">
<td>
<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td width="117">Vardas</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" id="name" size="40" /></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" id="email" size="40" /></td>
</tr>
<tr>
<td valign="top">Komentaras</td>
<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong><a href="viewguestbook.php">View Guestbook</a> </strong></td>
</tr>
</table>
</form>
</body>
</html>

This is the PHP code for adding the info into the MySQL table:

<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="guestbook"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");

$datetime=date("y-m-d h:i:s"); //date time

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);

if (isset($_POST['submit']))
  {
    $name=$_POST['name'];
 
    $email=$_POST['email'];
 
    $comment=$_POST['comment'];
 
 
 if(!$name || !$comment)
    {
      print "<font color='red'>Name or comment not entered, please go back and sign again</font><br>";
    }
 
   else
    {
 
     $datetime=date("D M d, Y H:i:s");    
     $putinguestbook="INSERT INTO gbook(name, email, comment) VALUES('$name','$email','$comment','$day')";
  $result=mysql_query($putinguestbook);
 
 
 
    }
  }
 
         if($result){
echo "Successful";
echo "<BR>";
echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}
 
else {
echo "ERROR";
}
 
 
mysql_close();
?>

And this is the code for viewing the guestbook:

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>View Guestbook | <a href="guestbook.php">Sign Guestbook</a> </strong></td>
</tr>
</table>
<br>

<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="guestbook"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);
while($rows=mysql_fetch_array($result)){
?>

<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td>ID</td>
<td>:</td>
<td><? echo $rows['id']; ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><? echo $rows['name']; ?></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><? echo $rows['email']; ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><? echo $rows['comment']; ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><? echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>

<?php
}
mysql_close(); //close database
?>

And I get an error that says:

Notice: Undefined variable: name in D:\wamp\www\addguestbook.php on line 14

Notice: Undefined variable: email in D:\wamp\www\addguestbook.php on line 14

Notice: Undefined variable: comment in D:\wamp\www\addguestbook.php on line 14

And I can't find the right way to correct this... Would be very thankful if you helped me :)

Andrew
  • Well, I read that question, but didn't really understand what was going on there, so I created my own. Sorry if it's against the rules :( – Andrew Mar 27 '14 at 13:20
  • In your query (`$sql="INSERT..`) you use these variables - although they haven't been defined yet. That is what the error is and says (it even points to the correct line). You need to learn how to research and debug yourself, otherwise I have bad news for you. Programming isn't always easy, you'll get many many errors along the way - to find out how to solve them is essential to be successful – kero Mar 27 '14 at 13:22
  • Yeah, I know this... But I'm just in a hurry to finish my final project and then I'm all into programming, and learning it myself ^^ I just understood that the courses that I took were really not that good, and I still don't understand much, so I'm about to get deep into PHP, JS myself. Thank you for pointing out the mistake ^^ – Andrew Mar 27 '14 at 13:25
  • Others using the same crappy code have the same problem http://bytes.com/topic/php/answers/923207-undefined-variable-php-error-guestbook-app, from 2005 http://board.phpbuilder.com/showthread.php?10313156-How-to-check-if-forum-is-being-hacked-or-what-(major-SPAM-issues) – Mike B Mar 27 '14 at 13:27
  • @MikeB I know, I saw that post, but I can't understand what's happening there. I'm kind of a beginner so it's hard for me to understand. Sorry for being stupid I guess ^^ – Andrew Mar 27 '14 at 13:30

3 Answers

1

Look at this snippet (from your script to add to the database):

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);

if (isset($_POST['submit']))
{
    $name=$_POST['name'];
    $email=$_POST['email'];
    $comment=$_POST['comment'];
    ....
}

As you can see, you're using the variable $name, $email and others in the INSERT query, but only in the if-clause you define them ($name = $_POST['name']). You should either place the INSERT query inside the if clause as well (after the declaration of your variables), or, if it is meant to be there, define the variables.

Most probably this is what you want:

if (isset($_POST['submit']))
{
    $name=$_POST['name'];
    $email=$_POST['email'];
    $comment=$_POST['comment'];

    $sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
    $result=mysql_query($sql);
    ....
}

And of course I have to urge you to read this post about SQL injection, because as it is now, your script is very unsafe.

giorgio
  • Thank you very much, but this isn't the case right now. This project is going to be shown to my teacher only through WAMP server, so it's not a problem I guess. But I'll keep in mind when I'm posting it online, thank you ^^ – Andrew Mar 27 '14 at 13:33
  • you can impress your teacher if you fix that ;) – giorgio Mar 27 '14 at 13:36
0

You're setting the $name, $email and $comment variables after you assign them to the $sql string.

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);

if (isset($_POST['submit']))
  {
    $name=$_POST['name'];

    $email=$_POST['email'];

    $comment=$_POST['comment'];

Oliver Bayes-Shelton
0

These variables are not declared, and you should declare them before use. You can add to addguestbook.php:

$name = htmlspecialchars($_POST["name"]);
$email = htmlspecialchars($_POST["email"]);
$comment = htmlspecialchars($_POST["comment"]);

before:

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";

Oleg
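
An added example, not code from the question or from any answer: a version of addguestbook.php that reads the POST fields before building the query, and addresses the SQL injection warning in the first answer with a mysqli prepared statement (the `mysql_*` functions were removed in PHP 7). The helper names `field`, `add_entry` and `h` are assumptions for illustration; the table layout and connection values are taken from the question.

```php
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// A missing key or an array value (name[]=x) becomes an empty string.
function field(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
}

// Escape at output time (this page and viewguestbook.php), not before
// storing: htmlspecialchars() on input does not make a value safe for SQL.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Validates the fields and inserts one row. Returns null on success,
// otherwise a message for the visitor.
function add_entry(mysqli $db, array $post): ?string
{
    $name    = field($post, 'name');
    $email   = field($post, 'email');
    $comment = field($post, 'comment');
    if ($name === '' || $comment === '') {
        return 'Name or comment not entered, please go back and sign again';
    }
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Email address is not valid';
    }
    $datetime = date('Y-m-d H:i:s');
    // Placeholders keep the values out of the SQL text, so a quote in a
    // comment cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, email, comment, datetime) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $name, $email, $comment, $datetime);
    $stmt->execute();
    $stmt->close();
    return null;
}

// The form's button is named "Submit" and $_POST keys are case-sensitive,
// so the request method is checked instead of isset($_POST['submit']).
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new mysqli('localhost', 'root', '', 'test'); // values from the question
    $error = add_entry($db, $_POST);
    echo $error === null
        ? "Successful<br><a href='viewguestbook.php'>View guestbook</a>"
        : "<font color='red'>" . h($error) . "</font>";
    $db->close();
}
```

In viewguestbook.php the same `h()` helper would wrap each echoed column, for example `echo h($rows['comment']);`, so stored markup is displayed as text.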