My variables are undefined?

Question

I have a file named blog.php. The Db name is blog and the table name is comments. (This is for a comment box)

connect.php is my connection to the server. The action is blog.php.

My undefined variables are on lines: 3,4 & 5. I don't know why they are undefined, because in the tutorial there are no errors. Can you tell me why they are undefined?

 <?php
 require('connect.php');
 $name = $_POST['name'];
 $comment = $_POST['comment'];
 $submit = $_POST['submit'];

 if($submit){

   if($name && $comment){

     $insert = mysql_query("INSERT INTO blog(name,comment) VALUES('$name',' $comment')");

   }else{
     echo "Please fill out all the fields.";
   }

 }
 ?>


<!DOCTYPE html>
<html>
 <head></head>
 <body>
 <form action="blog.php" method ="POST">
  <table border="2" style="width: 250px; ">
    <th> Post A Comment: </th>
    <tr><td colspan="2">Name: <input type="text" name="name"></td></tr>
    <tr><td >Comment: <textarea style="height: 100px; width: 200px;" name="comment"></textarea></td></tr>
  </table>
  <input type="submit" value="Comment" style="margin-left: 178px;" name="submit">
</form>
 </body
</html>

What makes you think they're undefined? Also, please note that you're following a *terrible* tutorial. This code is *wide open* to SQL injection attacks, which is probably the most common and most basic vulnerabilities on the internet. — David, Jul 10 '15 at 17:58
On initial page load, your `$_POST` variable are not set, and will not be until after you post your form. Wrap them in an `if` -> `if(isset($_POST['submit']){ ...[your variables] ... }` — Sean, Jul 10 '15 at 18:00
If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Jul 10 '15 at 18:06
[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Jul 10 '15 at 18:10

Alex Andrei · Answer 1 · 2015-07-10T18:04:29.587

3

You get warnings when the code executes without submitting the form.

To avoid this add an if isset($_POST) to execute only after a POST request has been made, i.e. after the form has been submitted.

<?php
 require('connect.php');


if (isest($_POST)){
 $name = $_POST['name'];
 $comment = $_POST['comment'];
 $submit = $_POST['submit'];

 if($submit){

   if($name && $comment){

     $insert = mysql_query("INSERT INTO blog(name,comment) VALUES('$name',' $comment')");

   }else{
     echo "Please fill out all the fields.";
   }

 }
}
 ?>

edited Jul 10 '15 at 18:04

answered Jul 10 '15 at 18:00

Alex Andrei

7,315
3
28
42

1

**Err.** OP would get notices about undefined indexes, but not about undefined variables! – Rizier123 Jul 10 '15 at 18:01
at the end of your `if (isset($_POST))` you need an opening `{` – Derek Jul 10 '15 at 18:04
Thanks @DerekBaxter, edited the answer. – Alex Andrei Jul 10 '15 at 18:05
@Rizier123 aren't you are being a little nitpicky as (1) the OP never shows the exact error message, and (2) the OP states `My undefined variables are on lines: 3,4 & 5.`. So it is easy to assume that the OP's issue is with undefined `$_POST` indexes, and not really undefined variables – Sean Jul 10 '15 at 18:07
1

@Rizier123 you are correct but if my answer doesn't prove to be useful I will remove it – Alex Andrei Jul 10 '15 at 18:08
@Sean These two error messages are completely different. (And that's why I asked: http://stackoverflow.com/questions/31347284/my-variables-are-undefined/31347370?noredirect=1#comment50678049_31347284) – Rizier123 Jul 10 '15 at 18:08

My variables are undefined?

1 Answers1