0

I am trying to use a form to insert a new row into a MySQL database. I apologise if my code is poor, I am still very much a beginner in PHP.

Here is my current code:

    <?php
    $page ="Add New Member";
    require('header.php');
    require('authentication.php');

    if (isset($_POST)){
        $first_name = $_POST['first_name'];
        $last_name = $_POST['last_name'];
        $email = $_POST['email'];
        $mobile_number = $_POST['number'];
        $programme = $_POST['programme'];

        $db->query('INSERT INTO members (first_name, last_name, email, mobile_number, programme)
    VALUES ($first_name, $last_name, $email, $mobile_number, $programme');
    }

    ?>
    <br />
               <div class="col-lg-8 col-lg-offset-2 col-md-8 col-md-offset-2">
                    <div class="panel panel-default">
                        <div class="panel-heading">
                            Add New Member
                        </div>
                        <div class="panel-body">
                            <div class="row">
                                <div class="col-lg-6">
                                    <form method="post">
                                        <div class="form-group">
                                            <label>Membership Number</label>
                                            <input name="mem_number" class="form-control" type="text" autocomplete="off" readonly value="<?php foreach($db->query('SELECT id FROM members ORDER BY id DESC LIMIT 1') as $row) {
                    echo $row['id']+1;}?>">
                                            <p class="help-block">This is automatically assigned.</p>
                                        </div>
                                        <div class="form-group">
                                            <label>First Name</label>
                                            <input type="text" name="first_name" class="form-control" autocomplete="off">
                                            <p class="help-block">Enter your first name here.</p>
                                        </div>
                                        <div class="form-group">
                                            <label>Last Name</label>
                                            <input type="text" name="last_name" class="form-control" autocomplete="off">
                                            <p class="help-block">Enter your last name here.</p>
                                        </div>
                                        <div class="form-group">
                                            <label>Email</label>
                                            <input type="email" name="email" class="form-control" autocomplete="off">
                                            <p class="help-block">Enter your email address here.</p>
                                        </div>
                                        <div class="form-group">
                                            <label>Mobile Number</label>
                                            <input type="text" name="phone_number" class="form-control" autocomplete="off">
                                            <p class="help-block">Enter your phone number here.</p>
                                        </div>
                                        <div class="form-group">
                                            <label>Programme</label>
                                            <select class="form-control" name="programme">
                                                <option>Bootcamp</option>
                                                <option>28 Day Fat Blaster</option>
                                            </select>
                                        </div>
                                        <button type="submit" class="btn btn-primary">Add Member</button>
                                        <button type="reset" class="btn btn-default">Reset Button</button>
                                    </form>
                                </div>
                                <!-- /.col-lg-6 (nested) -->

                            </div>
                            <!-- /.row (nested) -->
                        </div>
                        <!-- /.panel-body -->
                    </div>
                    <!-- /.panel -->
                </div>
                <!-- /.col-lg-12 -->

When I submit the form, I get the following error:

    [Fri Oct 03 14:34:01.561508 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice:  Undefined index: first_name in /var/www/html/addmember.php on line 7, referer: http://localhost/members.php
    [Fri Oct 03 14:34:01.561613 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice:  Undefined index: last_name in /var/www/html/addmember.php on line 8, referer: http://localhost/members.php
    [Fri Oct 03 14:34:01.561639 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice:  Undefined index: email in /var/www/html/addmember.php on line 9, referer: http://localhost/members.php
    [Fri Oct 03 14:34:01.561663 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice:  Undefined index: number in /var/www/html/addmember.php on line 10, referer: http://localhost/members.php
    [Fri Oct 03 14:34:01.561686 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice:  Undefined index: programme in /var/www/html/addmember.php on line 11, referer: http://localhost/members.php
    [Fri Oct 03 14:34:30.224432 2014] [:error] [pid 3836] [client 127.0.0.1:41856] PHP Notice:  Undefined index: number in /var/www/html/addmember.php on line 10, referer: http://localhost/addmember.php

Now I understand that this means that $_POST['first_name'] is not defined, but I thought that it would be defined when it is posted.

My question is, what am I doing wrong?

user16174
  • Guess what `($first_name, $last_name, $email, $mobile_number, $programme')` - that's where your `Undefined index` warning stems from. – Funk Forty Niner Oct 03 '14 at 13:43
  • possible duplicate of [What is the difference between single-quoted and double-quoted strings in PHP?](http://stackoverflow.com/questions/3446216/what-is-the-difference-between-single-quoted-and-double-quoted-strings-in-php) – Mark Oct 03 '14 at 13:45
  • 2
    Are you sure you aren't getting these notices when loading the form initially? $_POST may always be set, perhaps you should check using empty($_POST) or better yet, have a hidden form field that you check to make sure that the form was actually submitted. – lonewolf217 Oct 03 '14 at 13:46
  • Plus missing values (value="???") for your select's options. This is a debugging-related question. Learn how to do that. – Funk Forty Niner Oct 03 '14 at 13:46
  • **Sidenote:** Remove the whitespace before ` – ʰᵈˑ Oct 03 '14 at 14:02

3 Answers

2

In these cases it is useful to print the contents of $_POST to debug/know the structure.

    if ($_POST) {
        // Dump the submitted fields, then stop before any further output
        print_r($_POST);
        // or use
        // var_dump($_POST);
        die();
    }

This way, you know what's inside $_POST.

And here:

    $db->query('INSERT INTO members (first_name, last_name, email, mobile_number, programme) VALUES ($first_name, $last_name, $email, $mobile_number, $programme)');

You should be using double quotes and bracketing the variables:

    $db->query("INSERT INTO members (first_name, last_name, email, mobile_number, programme) VALUES ('{$first_name}', '{$last_name}', '{$email}', '{$mobile_number}', '{$programme}')");

In fact, you should be using prepared statements and parameter bindings:

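    // Assumes $db is a PDO connection: prepare the statement, then pass the values to execute().
    $stmt = $db->prepare('INSERT INTO members (first_name, last_name, email, mobile_number, programme) VALUES (:first_name, :last_name, :email, :mobile_number, :programme)');
    $stmt->execute([':first_name' => $first_name, ':last_name' => $last_name, ':email' => $email, ':mobile_number' => $mobile_number, ':programme' => $programme]);
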
Alex Quintero
1

Your errors are being triggered with these lines;

    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $email = $_POST['email'];
    $mobile_number = $_POST['number'];
    $programme = $_POST['programme'];

Therefore, you can do a simple check

    $first_name = array_key_exists('first_name', $_POST) ? $_POST['first_name'] : "";

  • Checking the POST may also be a good idea in case the client modifies the HTML markup to not POST a form input (with the same name), throwing an error.
  • You should always check that keys exist in an array before using them.
  • You should validate and sanitize all your inputs.

Now on to your query.

As these are strings, you must treat them as such, by quoting them.

    $db->query("INSERT INTO members (first_name, last_name, email, mobile_number, programme)
    VALUES ('{$first_name}', '{$last_name}', '{$email}', '{$mobile_number}', '{$programme}')");

Your programme input

You're missing values for your options

    <select class="form-control" name="programme">
      <option value="bootcamp">Bootcamp</option>
      <option value="28_day_fat_blaster">28 Day Fat Blaster</option>
    </select>

ʰᵈˑ
  • 1
    *"Your errors are being triggered with these lines;"* - No they're not. 99% of OP's form elements are named. `name="first_name"` + `$first_name = $_POST['first_name'];` = correct, etc. The error stems from SQL interpreting the query as correct since it's entirely wrapped in encapsulated quotes. The `Undefined index` is coming from SQL trying to find "column" names, caused by the missing quotes for the VALUES variables. Your answer fixed it, great, but wasn't the cause, not from what you stated as being the cause. Contributing factor was missing single quotes and double quotes and bracket. – Funk Forty Niner Oct 03 '14 at 14:11
  • What the OP could have or should have done, was to use an input type for the submit button instead of a ` – Funk Forty Niner Oct 03 '14 at 14:19
  • 1
    @Fred-ii- Ah, I see. Thanks for the explanation, I missed that, and skipped ahead to my (shoddy) explanation – ʰᵈˑ Oct 03 '14 at 14:24
1

The following line is incorrect and is missing quotes in a few places, including for your VALUES variables, and a missing bracket ).

    $db->query('INSERT INTO members (first_name, last_name, email, mobile_number, programme)
    VALUES ($first_name, $last_name, $email, $mobile_number, $programme');

Change it to:

    $db->query("INSERT INTO members (first_name, last_name, email, mobile_number, programme)
    VALUES ('$first_name', '$last_name', '$email', '$mobile_number', '$programme')");

Your select is also missing values for them, so you will not get anything back from it.

    <select class="form-control" name="programme">
        <option value="bootcamp">Bootcamp</option>
        <option value="fatblaster">28 Day Fat Blaster</option>
    </select>

Suggestion:

Instead of if(isset($_POST)) use if(isset($_POST['submit'])){...} while using an input instead of a button.

I.e.:

    <input type="submit" name="submit" value="Add Member">

It's more efficient than if(isset($_POST)).


Funk Forty Niner
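
The points raised across the answers above (field names that match the form, checking keys before use, an allow-list for the select values, and a prepared statement) combined in one handler, as an added example that is not code from the question or from any answerer. It assumes `$db` is a PDO connection and uses in-memory SQLite in place of MySQL so it runs offline; `addMember()`, `PROGRAMMES` and the sample submissions are constructed for illustration.

```php
<?php
// Added example. Assumption: $db is a PDO connection; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, first_name TEXT,
           last_name TEXT, email TEXT, mobile_number TEXT, programme TEXT)');
// Allow-list for the <select>: keys are the option value="" attributes.
const PROGRAMMES = ['bootcamp' => 'Bootcamp', 'fatblaster' => '28 Day Fat Blaster'];

// Returns a list of validation errors; an empty list means the row was inserted.
function addMember(PDO $db, array $post): array
{
    // Keys must match the form's name="" attributes (the form posts phone_number).
    $fields = ['first_name', 'last_name', 'email', 'phone_number', 'programme'];
    $in = $errors = [];
    foreach ($fields as $f) {
        $in[$f] = (isset($post[$f]) && is_string($post[$f])) ? trim($post[$f]) : '';
        if ($in[$f] === '') {
            $errors[] = "$f is required";
        }
    }
    if ($in['email'] !== '' && filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    if ($in['programme'] !== '' && !array_key_exists($in['programme'], PROGRAMMES)) {
        $errors[] = 'programme is not an offered option';
    }
    if ($errors) {
        return $errors;
    }
    // Placeholders keep the values out of the SQL text, so a quote in a name
    // is stored as data and cannot change the statement.
    $stmt = $db->prepare('INSERT INTO members (first_name, last_name, email, mobile_number, programme)
                          VALUES (:first_name, :last_name, :email, :mobile_number, :programme)');
    $stmt->execute([
        ':first_name' => $in['first_name'], ':last_name' => $in['last_name'],
        ':email' => $in['email'], ':mobile_number' => $in['phone_number'],
        ':programme' => $in['programme'],
    ]);
    return [];
}

// Constructed submissions; on the real page pass $_POST, and only when
// $_SERVER['REQUEST_METHOD'] === 'POST'.
$valid = ['first_name' => 'Niamh', 'last_name' => "O'Brien", 'email' => 'niamh@example.com',
          'phone_number' => '07700 900123', 'programme' => 'bootcamp'];
print_r(addMember($db, $valid));
print_r(addMember($db, ['first_name' => 'Niamh']));
print_r($db->query('SELECT * FROM members')->fetchAll(PDO::FETCH_ASSOC));
```

The surname with an apostrophe is the case that breaks the string-interpolated versions of the query; with bound parameters it is stored unchanged.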