2

I got this error can anyone help me?

Notice: Undefined index: submit in
D:\xampp\htdocs\testsubject\cntcinfo.php on line 7

This is my code:

if($_POST['submit']=='Update')
{
mysqli_query($link,"    UPDATE usr_profile
                    SET phone='".$_POST['phone']."',
                        email='".$_POST['emails']."',
                        address='".$_POST['address']."',
                        postcode='".$_POST['postcode']."',
                        city='".$_POST['city']."';  
                    ");
header('Location: '.$_SERVER['HTTP_REFERER']);
exit;
}

I tired to use isset but I got this error instead: 

Fatal error: Cannot use isset() on the result of an expression (you
can use "null !== expression" instead) in
D:\xampp\htdocs\testsubject\cntcinfo.php on line 7

this is my isset

if(isset($_POST['submit']=='Update'))
Alex
  • 8,461
  • 6
  • 37
  • 49
Ashraf Kamarudin
  • 522
  • 6
  • 24
  • Amend the button you using to POST and give it a name of submit. like – Ethic Or Logics Nov 10 '15 at 06:40
  • 1
    I just neet to comment on this.. never ever... ever ever never put unescaped user data (or any data) in to the database. Always sanitize your inputs! Or better yet, use prepared statements. This has SQL Injection, loss of data and a lot of tears written all over it. – M. Eriksson Nov 10 '15 at 06:42
  • i will take a look into that.thanks. – Ashraf Kamarudin Nov 10 '15 at 06:50
  • As CynePhoba12's answered, that's the right way to use isset. In your code, you are checking isset for a result of an expression. Also, as @Magnus Eriksson said, never ever use user inputs directly in your SQL or any other code. Always sanitize before using it. – Vaishak Nov 10 '15 at 06:51

4 Answers4

1

If you want to check whether the POST value is set, you will need to use this code:

if(isset($_POST['submit'])) { 
    if($_POST['submit'] == 'Update') {
        //Do work here
    }
}

(or to shorten it):

if(isset($_POST['submit']) && ($_POST['submit'] == 'Update')) {
    //Do work here
}

When you call $_POST['submit']=='Update' inside the isset() function, you are asking it to check whether the result of an expression is set (which it can't process). So you would need to nest it like i've shown above.

If you're finding that you're getting an undefined index, make sure that the form you're posting from has submit set as one of its form elements.

Matt Davis
  • 470
  • 5
  • 16
  • 1
    why do not combine, the 2 if statements? – jmattheis Nov 10 '15 at 06:42
  • Yeah I just added it in. Sometimes i prefer having them seperate because then you've got a whole code block in which you show the code in there is only being executed if the value is set (so you can show an error if it isn't set or what not). Depends on the workings of your application it gives you room to move but can also improve readability in certain circumstances. – Matt Davis Nov 10 '15 at 06:45
0

isset is not use for comparison . You can use it as

if(isset($_POST['submit']) && $_POST['submit']=='Update')
{

}

Ans make sure you submit type as

<input type="submit" name="submit" value="Update"/>

Your query is open for sql injection you can use before update

 $phone=mysqli_real_escape_string ( $link , $_POST['phone'] );

Check How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
Saty
  • 22,443
  • 7
  • 33
  • 51
0

use this

if(isset($_POST['submit']) && $_POST['submit']=='Update')) {
// Your code here
}
Shakti Patel
  • 3,762
  • 4
  • 22
  • 29
0

Not all browsers send a value for submit buttons, if the form can also be used for adding a user, consider using a checkbox for flagging if it's an update to a user's profile.

You're a sitting duck for SQL Injection attack with that code, you should be using prepared statements which eliminate the risk of SQL Injection attack, you should also be checking to see if MySQL ever returns any errors for the query.

All user submitted data needs to be validated no matter how well you know/trust your users.

SpacePhoenix
  • 607
  • 1
  • 5
  • 15