0

I am trying to insert user input into a database on submit. I am required to use the POSTBACK method but I am having problems. When I open the registration page, under all the text boxes it is saying:

Notice: Undefined variable: firstname in I:\twa\twa291\assignment1\rego.php on line 147

Notice: Undefined variable: middlename in I:\twa\twa291\assignment1\rego.php on line 147

Notice: Undefined variable: lastname in I:\twa\twa291\assignment1\rego.php on line 147

Notice: Undefined variable: user in I:\twa\twa291\assignment1\rego.php on line 147

ETC ETC ETC....

Doesn't it have to wait for the user to input? Why is this happening? Here is my code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css" />

<title>Registration</title>

<script>
function validateForm()
 {
 var x=document.forms["rego"]["gname"].value;
 if (x==null || x=="")
   {
   alert("Given name must be filled out");
   return false;
 }
 var x=document.forms["rego"]["mname"].value;
 if (x==null || x=="")
   {
   alert("Middle name must be filled out");
   return false;
 }
 var x=document.forms["rego"]["surname"].value;
 if (x==null || x=="")
   {
   alert("Surname must be filled out");
   return false;
 }
 var x=document.forms["rego"]["username"].value;
 if (x==null || x=="")
   {
   alert("Username must be filled out");
   return false;
 }
 var x=document.forms["rego"]["address"].value;
 if (x==null || x=="")
   {
   alert("Address must be filled out");
   return false;
 }
 var x=document.forms["rego"]["postcode"].value;
 if (x==null || x=="")
   {
   alert("Postcode must be filled out");
   return false;
 }
 var x=document.forms["rego"]["state"].value;
 if (x==null || x=="")
   {
   alert("State must be filled out");
   return false;
 }
 var x=document.forms["rego"]["tel"].value;
 if (x==null || x=="")
   {
   alert("Telephone must be filled out");
   return false;
 }
 var x=document.forms["rego"]["password"].value;
 if (x==null || x=="")
   {
   alert("Password must be filled out");
   return false;
 }
 var x=document.forms["rego"]["passconfirm"].value;
 if (x==null || x=="")
   {
   alert("Confirmation of password must be filled out");
   return false;
 }
}
</script>

</head>

<body>

<div id="container">
<div id="header">

<h1>Registration</h1></div>

<div id="menu">
<a href="home.php"><h2>Homepage</h2></a><br />
<a href="rego.php"><h2>Registration</h2></a><br />
<a href="userlogin.php"><h2>User Login</h2></a><br />
<a href="adminlogin.php"><h2>Administrator Login</h2></a><br />
<a href="tipping.php"><h2>Tipping</h2></a><br />
<a href="termsnconditions.php"><h2>Terms & Conditions</h2></a><br />
</div>

<form id="rego" action="<?php echo 
htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post" onSubmit="return validateForm()">

<label>Given Name:</label> <input type="text" name="gname"><br />
<br />
<label>Middle Name: </label><input type="text" name="mname"><br />
<br />
<label>Family Name:</label> <input type="text" name="surname"><br />
<br />
<label>Chosen Username:</label> <input type="text" name="username"><br />
<br />
<label>Address:</label> <input type="text" name="address"><br />
<br />
<label>Postcode: </label><input type="text" name="postcode"><br />
<br />
<label>State:</label> <input type="text" name="state"><br />
<br />
<label>Tel number: </label><input type="text" name="tel"><br />
<br />
<label>Password:</label> <input type="password" name="password"><br />
<br />
<label>Password confirmation:</label> <input type="password" name="passconfirm"><br />
<br />


<input type="submit" value="submit" name="submit">
</div>
</form>

<?php
require_once("conn.php");
if (isset($_REQUEST["submit"]))
{

   if (isset($_POST["submit"]))
   {

 $firstname = mysql_real_escape_string($_POST["gname"]);
 $middlename = mysql_real_escape_string($_POST["mname"]);
 $lastname = mysql_real_escape_string($_POST["surname"]);
 $user = mysql_real_escape_string($_POST["username"]);
 $addy = mysql_real_escape_string($_POST["address"]);
 $post = mysql_real_escape_string($_POST["postcode"]);
 $sta = mysql_real_escape_string($_POST["state"]);
 $telephone = mysql_real_escape_string($_POST["tel"]);
 $pass = mysql_real_escape_string($_POST["password"]);
 $systemuser= mysql_real_escape_string($_POST["susername"]);
   }
}



$sql = "INSERT INTO users(gname, mname, surname, username, address, postcode, state, tel, password)
VALUES('$firstname', '$middlename', '$lastname', '$user', '$addy', '$post', '$sta', '$telephone', 
'$pass')";   
$rs = mysql_query($sql, $conn);

if (!$rs) {
  die('Problem with query' . mysql_error());
}
echo "1 record added";



mysql_close($conn);
?>
</body>

</html>

PLEASE NOTE: I understand that mysql is being removed or something like that. But I am currently studying it in university and have no choice but to do it. I finish the subject in a week, so if you could please bear with me it'll be great. Thank you!

user3641114
  • 1
    **Warning**: your code is vulnerable to SQL injection attacks. (I'm putting this here to warn future readers.) – Daniel A. White May 29 '14 at 14:00
  • 1
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 29 '14 at 14:03
  • I am sorry, I will fix this soon – user3641114 May 29 '14 at 14:08
  • I have edited to prevent SQL injection – user3641114 May 29 '14 at 14:29

3 Answers

1

You're creating your SQL query before the variables are defined.

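<?php
require_once("conn.php");
// Only build and run the INSERT once the form has actually been posted.
if (isset($_REQUEST["submit"]))
{

   if (isset($_POST["submit"]))
   {
     // Escape every value before it goes inside the quoted SQL string,
     // as the question's own code does.
     $firstname = mysql_real_escape_string($_POST["gname"]);
     $middlename = mysql_real_escape_string($_POST["mname"]);
     $lastname = mysql_real_escape_string($_POST["surname"]);
     $user = mysql_real_escape_string($_POST["username"]);
     $addy = mysql_real_escape_string($_POST["address"]);
     $post = mysql_real_escape_string($_POST["postcode"]);
     $sta = mysql_real_escape_string($_POST["state"]);
     $telephone = mysql_real_escape_string($_POST["tel"]);
     $pass = mysql_real_escape_string($_POST["password"]);
   }

   // The query now sits inside the outer if, so the variables above exist.
   $sql = "INSERT INTO users(gname, mname, surname, username, address, postcode, state, tel, password)
VALUES('$firstname', '$middlename', '$lastname', '$user', '$addy', '$post', '$sta', '$telephone', 
'$pass')";
   $rs = mysql_query($sql, $conn);

   if (!$rs) {
     die('Problem with query' . mysql_error());
   }
   echo "1 record added";

   mysql_close($conn);
}
?>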
Funk Forty Niner
Pogrindis
  • Thank you! The errors have vanished. I now, however, get the error Problem with queryField 'susername' doesn't have a default value. The field susername is a hidden type input. How can I give it a default value? – user3641114 May 29 '14 at 14:14
  • @user3641114 So on the type="hidden" add a value, in the HTML. This will pass a value through so that it is defined. – Pogrindis May 29 '14 at 14:17
  • I just added susername into the insert statement and it doesn't give me that error, instead: Problem with queryColumn count doesn't match value count at row 1. Sorry, what does this mean? That I don't have the right amount of columns? – user3641114 May 29 '14 at 14:19
  • Sounds like the query doesn't match up with the database. Make sure your tables match up with the required fields in the table. – Pogrindis May 29 '14 at 14:23
  • I thought so. In the users table there are fields: username password gname mname surname address state postcode tel favorite fan susername score margin. As you can see, the fields 'favourite', 'fan', 'score' and 'margin' are in the users table too. But the registration page does not require these to be entered; it is not until a second form, displayed after the user registers, that these fields are to be filled. – user3641114 May 29 '14 at 14:26
0

Your db query isn't in your if statement, so it is happening every time the script runs.

Adam Hopkinson
0

You're trying to run SQL queries outside the IF statement that checks for user submission.

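<?php
require_once("conn.php");
if (isset($_REQUEST["submit"]))
{

   if (isset($_POST["submit"]))
   {
     // Escape every value before it goes inside the quoted SQL string,
     // as the question's own code does.
     $firstname = mysql_real_escape_string($_POST["gname"]);
     $middlename = mysql_real_escape_string($_POST["mname"]);
     $lastname = mysql_real_escape_string($_POST["surname"]);
     $user = mysql_real_escape_string($_POST["username"]);
     $addy = mysql_real_escape_string($_POST["address"]);
     $post = mysql_real_escape_string($_POST["postcode"]);
     $sta = mysql_real_escape_string($_POST["state"]);
     $telephone = mysql_real_escape_string($_POST["tel"]);
     $pass = mysql_real_escape_string($_POST["password"]);

     // The INSERT runs only inside the submission check.
     $sql = "INSERT INTO users(gname, mname, surname, username, address, postcode, state, tel, password)
VALUES('$firstname', '$middlename', '$lastname', '$user', '$addy', '$post', '$sta', '$telephone', 
'$pass')";
     $rs = mysql_query($sql, $conn);

     if (!$rs) {
       die('Problem with query' . mysql_error());
     }
     echo "1 record added";

   }
}
?>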
lucasvscn
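Added example, not part of the question or of any answer above: the same registration insert written with PDO prepared statements, the kind of modern replacement the comments under the question point to, with the query run only from a function that is called on submission. The function name `register_user`, the `FIELDS` list, treating `susername` as optional, hashing the password with `password_hash`, and the in-memory SQLite table standing in for the MySQL `users` table are assumptions made for this illustration.

```php
<?php
// Added example, not code from the thread. Columns: the question's INSERT plus
// susername (assumed optional here). Form field names equal column names.
const FIELDS = ['gname', 'mname', 'surname', 'username', 'address',
                'postcode', 'state', 'tel', 'password', 'susername'];

function register_user(PDO $pdo, array $post): array
{
    $errors = [];
    $row = [];
    foreach (FIELDS as $f) {
        // ?? '' avoids "undefined" notices when a field was not submitted.
        $v = $post[$f] ?? '';
        $row[$f] = is_string($v) ? $v : '';
        if (trim($row[$f]) === '' && $f !== 'susername') {
            $errors[] = "$f must be filled out"; // server-side repeat of validateForm()
        }
    }
    if ($row['password'] !== (string)($post['passconfirm'] ?? '')) {
        $errors[] = 'password confirmation does not match';
    }
    if ($errors) {
        return $errors; // nothing is written unless the input is complete
    }
    // Store a hash, not the password (assumes the column can hold 255 chars).
    $row['password'] = password_hash($row['password'], PASSWORD_DEFAULT);

    // Column list and placeholder list are built from the same array, so the
    // two counts cannot drift apart ("Column count doesn't match value count").
    $cols = implode(', ', FIELDS);
    $marks = implode(', ', array_map(fn($f) => ":$f", FIELDS));
    $stmt = $pdo->prepare("INSERT INTO users ($cols) VALUES ($marks)");
    $stmt->execute($row); // values are sent as bound parameters, not as SQL text
    return [];
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (' . implode(' TEXT, ', FIELDS) . ' TEXT)');

// Constructed input; the apostrophe in the surname needs no manual escaping.
$post = ['gname' => 'Sean', 'mname' => 'B', 'surname' => "O'Brien",
         'username' => 'sob', 'address' => '1 Main St', 'postcode' => '2000',
         'state' => 'NSW', 'tel' => '0400000000',
         'password' => 'correct horse', 'passconfirm' => 'correct horse'];
var_dump(register_user($pdo, $post));
var_dump($pdo->query('SELECT surname, password FROM users')->fetchAll(PDO::FETCH_NUM));
```

In `rego.php` the call would sit inside a check such as `if ($_SERVER['REQUEST_METHOD'] === 'POST')`, with a PDO connection to the MySQL database in place of the SQLite one, so nothing touches the database on the initial page load.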