What could be wrong with this php code?

Question

i'm doing a voting system. After displaying all candidates from my DB, a user is to click on a candidate's image to vote. I am trying to use GET to get the matric number of a candidate so as to echo a text. The Error is this: Upon loading the page, an error message comes up even without clicking on any image as follows-

Notice: Undefined index: user in C:\xampp\htdocs\projects\onlinevoting\vote.php on line 74

Voted

What could be wrong?

if (isset($_POST['display'])) {
    $position_selected = $_POST['position_selected'];
    $sql = "SELECT * FROM candidate WHERE position='$position_selected'";
    $run_query = mysqli_query($db_conn, $sql);
    if (mysqli_num_rows($run_query) > 0) {

        $nr = mysqli_num_rows($run_query);
        echo '<h3 style="font-size:2em;text-align:center">('.$nr.') ASPIRANTS FOR <span style="color:maroon;text-decoration:underline"> '.$position_selected.'</span></h3>';

        while ($row = mysqli_fetch_array($run_query)) {
            echo '<div class="asp">
            <a class="votelink" href="?user='.$row["matno"].'"><img title="Click Image to Vote" height="300" width="300" src="data:image;base64,'.$row[6].' "></a><br><p style="font-weight:bolder;font-size:1.5em;width:300px;text-align:center;margin-bottom:0px;">'.$row[1].'<br><b><p style="font-size:1em;font-weight:bold;width:300px;text-align:center;margin-bottom:0px;">'.$row[2].'/'.$row[3].'</p><b><br>
            </div>';

        }     
        if ($_GET['user'] == $row["matno"]) {
            echo 'Voted';
        }
    } else {
        echo '<p style="color:darkred;font-weight:bolder;font-size:1.6em;text-align:center;">No candidate for this Position</p>';
    }
}
?>

*"What could be wrong with this php code?"* - Stack protip: That's a bad choice for a title. — Funk Forty Niner, Oct 02 '15 at 13:26
Would be nice to define which line is line 74 with the error. I'm betting its — BigScar, Oct 02 '15 at 13:28
You have an undefined index: user in C:\xampp\htdocs\projects\onlinevoting\vote.php on line 74 — swidmann, Oct 02 '15 at 13:29
You check for a $_POST variable at the beginning of this script. Then you go and reference a $_GET variable. You cannot have BOTH on a single submission of a page to a script!! **Refactor** the code with the _brain engaged_ — RiggsFolly, Oct 02 '15 at 13:36
You are "trying to use GET to get the matric number of a candidate", however, at the top of your code, you are testing for `if (isset($_POST['display'])) {` using the POST super global, and nested within it you have `if ($_GET['user'] == $row["matno"]) {`. While it is actually possible to have such a situation, I believe that's where your problem stems from. What method is your form using: GET or POST? If GET, why the `isset($_POST)` test. If POST, does the form's action attribute have the `user` variable in its query string? You could begin to troubleshoot the problem from here. — NaijaProgrammer, Oct 02 '15 at 13:39
How about a [MAX Factor](http://maxfactor-international.com/) instead Smokey? @RiggsFolly — Funk Forty Niner, Oct 02 '15 at 13:39
*"there is none in the form – Joel Amawhe 33 secs ago"*, form, what form? form method is; none? — Funk Forty Niner, Oct 02 '15 at 13:43
You would have to really PLASTER IT ON to cover all the cracks in that code Ralph @Fred-ii- — RiggsFolly, Oct 02 '15 at 13:43
The things you can do with thick and slick lipstick Smokey @RiggsFolly — Funk Forty Niner, Oct 02 '15 at 13:45

score 1 · Answer 1 · answered Oct 02 '15 at 13:30

1

From what you've posted I am going to guess that you're not checking that the $_GET variable user has been set.

Change this line

if ($_GET['user'] == $row["matno"]) {

to

if ((isset($_GET['user'])) && ($_GET['user'] == $row["matno"])) {

answered Oct 02 '15 at 13:30

Geoff Atkins

1,693
1
17
23

Except that execution will never get to that IF if the form was submitted via GET as its inside another if which tests for the existance of a $_POST variable!!! – RiggsFolly Oct 02 '15 at 13:40
This is true; I hadn't spotted the `$_POST` aspects at the beginning of the code. Thinking about it, I've never attempted to pass POST and GET variables at the same time, but I am not entirely sure whether that's actually impossible. – Geoff Atkins Oct 02 '15 at 13:43
Well I suppose they could change $_GET and $_POST to $_REQUEST. But not without testing EVERY variable for its existance before going anywhere near it. **This is not a serious suggestion at a solution** – RiggsFolly Oct 02 '15 at 13:47

NaijaProgrammer · Answer 2 · 2015-10-02T13:54:42.153

Posting this as an answer rather than a comment.

You are "trying to use GET to get the matric number of a candidate", however, at the top of your code, you are testing for if

(isset($_POST['display'])) {

using the POST super global, and nested within it you have

if ($_GET['user'] == $row["matno"]) {.

While it is actually possible to have such a situation, I believe that's where your problem stems from. What method is your form using: GET or POST? If GET, why the isset($_POST) test. If POST, does the form's action attribute have the user variable in its query string? You could begin to troubleshoot the problem from here.

Basically, PHP is reporting that the 'user' array member isn't set, which most likely means your form's action page does not include the user variable in its query string.

I propose two possible solutions to this.

First, and most preferably, use a hidden input field in your form, and set its value to the user's id. Then, instead of testing for $_GET['user'], test for $_POST['user']. The HTML snippet for the hidden input field would be like :

<input type="hidden" name="user" value="Whatever_user_id_is"/>

Then replace

if ($_GET['user'] == $row["matno"]) {

with

if ($_POST['user'] == $row["matno"]) {.

An alternative approach, if you wish to stick with the if ($_GET['user'] == $row["matno"]) { syntax/pattern, is to include the user variable as part of the form's action attribute:

<form method="post" action="YOUR_FORMS_ACTION_PAGE?user=what_ever_user_is">

That way, when you submit the form, the user variable will be present in the GET super global array.

score 0 · Answer 3 · edited Dec 10 '15 at 03:15

0

That should be better

if (isset($_POST['user'])) {
    if ($_POST['user'] == $row["matno"])) {
    }
}

edited Dec 10 '15 at 03:15

Josh Crozier

233,099
56
391
304

answered Oct 02 '15 at 13:31

I_G

413
1
4
18

1

Except that execution will never get to that IF if the form was submitted via GET as its inside another if which tests for the existance of a $_POST variable!!! – RiggsFolly Oct 02 '15 at 13:37
I really don't understand – Joel Amawhe Oct 02 '15 at 13:38
watch if you have a user variable in your form and do you use $_GET[] or $_POST method in your form – I_G Oct 02 '15 at 13:39
there is none and the form is using a post – Joel Amawhe Oct 02 '15 at 13:43
What none? your variable or the method? You must use get or post method in your form and you should have an user input or whatever – I_G Oct 02 '15 at 13:45
there is no variable but there is a method, which is POST – Joel Amawhe Oct 02 '15 at 13:48
then you should use isset($_POST['user']) instead of $_GET['user'] and don't expect to get an user variable if you don't have one in your form... – I_G Oct 02 '15 at 13:50
the user variable is attached to this link to build a url query string – Joel Amawhe Oct 02 '15 at 13:56
then put it in your form like a hidden input to get your variable or use $_SESSION – I_G Oct 02 '15 at 14:13

What could be wrong with this php code?

3 Answers3