The project that I am doing is online and it has 3 branches. I want to check another branch's inventory when I select the branch in the drop-down and press the "Generate" button, shown as a fancybox preview. Below is the code of inventory.php:

           <form action="otherinventory.php" method="POST">
                        <label class="control-label" for="selectError">Branch:</label>
                        <div class="controls3">
                            <select id="selectError3" name="Branch">
                                <?php
                                $query = 'SELECT branch_ID,branch_add  from db_thisurienterprice.tbl_branch where branch_ID !=' . $_SESSION['username'];
                                $data = $conn->prepare($query);    // Prepare query for execution
                                $data->execute(); // Execute (run) the query

                                while ($row2 = $data->fetch(PDO::FETCH_ASSOC)) {
                                    echo '<option value="' . $row2['branch_ID'] . '">' . $row2['branch_add'] . '</option>';
                                }
                                ?>
                            </select>      
                        </div>
                            <!--<button  type=submit   class="fancybox fancybox.ajax" >Warehouse</button>-->

      <div class="span"> <a href="otherinventory.php" class="fancybox fancybox.ajax"> <button class="btn btn-small btn-success" data-rel="tooltip" title="To add new product ">Generate </button> </a></div> <br/>

                    </form> 

And the otherinventory.php code:

.... html codes ...

                      <?php



                            $sql = 'SELECT item_name , item_ID , qty  
                                    FROM tbl_item,tbl_inventory 
                                    WHERE tbl_inventory.tbl_item_item_ID = tbl_item.item_ID 
                                    AND tbl_branch_branch_ID = ' .$_POST['Branch'];
                            $stmt = $conn->prepare($sql);
                            $stmt->execute(array());

                            while ($row = $stmt->fetch(PDO::FETCH_NUM)) {
                                echo '<tr>';
                                echo '<td>' . $row[0] . '</td>';
                                echo '<td>' . $row[1] . '</td>';
                                echo '<td>' . $row[2] . '</td>';
                                echo '</tr>';
                            }
                            ?>

.... html codes ...

Then it gives:

    Notice: Undefined index: Branch

Could anyone please help me solve this?

2 Answers

Use isset.

    $branch = isset($_POST['Branch']) ? $_POST['Branch'] : '';

    $sql = 'SELECT item_name , item_ID , qty  
            FROM tbl_item,tbl_inventory 
            WHERE tbl_inventory.tbl_item_item_ID = tbl_item.item_ID 
            AND tbl_branch_branch_ID = "' .$branch.'"';

Update

In order to avoid the SQL vulnerability, I suggest you use the fix below.

    $branch = isset($_POST['Branch']) ? $_POST['Branch'] : '';
    $sql = "SELECT item_name , item_ID , qty  
            FROM tbl_item,tbl_inventory 
            WHERE tbl_inventory.tbl_item_item_ID = tbl_item.item_ID 
            AND tbl_branch_branch_ID = :branch";
    $stmt = $conn->prepare($sql);
    $stmt->execute(array(':branch' => $branch));

Ashwini Agarwal

Change to use submit input:

    <button class="btn btn-small btn-success" data-rel="tooltip" title="To add new product ">Generate </button>

To:

    <input type="submit" value="Generate" name="submitButton" id="submitButton"
     class="btn btn-small btn-success" data-rel="tooltip" title="To add new product">

Also, bind your values:

    $query = "SELECT branch_ID,branch_add  from db_thisurienterprice.tbl_branch where branch_ID != :username";
    $data = $conn->prepare($query);    // Prepare query for execution
    $data->execute(array(':username'=>$_SESSION['username']));  // Execute (run) the query with prepared statements

Other query:

    $sql = "SELECT item_name , item_ID , qty  
            FROM tbl_item,tbl_inventory 
            WHERE tbl_inventory.tbl_item_item_ID = tbl_item.item_ID 
            AND tbl_branch_branch_ID = :branch_id";
    $stmt = $conn->prepare($sql);
    $stmt->execute(array(':branch_id'=>$_POST['Branch']));

Kostas Mitsarakis
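
A runnable version of the bound-parameter fix from both answers, as an added example that is not part of either answer: it also validates `Branch` as an integer before querying and escapes each cell on output. The in-memory SQLite database and its rows are constructed sample data, and `inventoryRows` and `renderRows` are hypothetical helper names.

```php
<?php
// Added example, not from the original post. Table and column names follow the
// question; the in-memory SQLite database and its rows are constructed sample data.
function inventoryRows(PDO $conn, array $post): array
{
    // A missing or non-integer Branch is rejected instead of being passed to SQL.
    $branch = filter_var($post['Branch'] ?? null, FILTER_VALIDATE_INT);
    if ($branch === false) {
        throw new InvalidArgumentException('Branch is missing or not an integer');
    }
    $stmt = $conn->prepare(
        'SELECT item_name, item_ID, qty
           FROM tbl_item
           JOIN tbl_inventory ON tbl_inventory.tbl_item_item_ID = tbl_item.item_ID
          WHERE tbl_branch_branch_ID = :branch'
    );
    $stmt->bindValue(':branch', $branch, PDO::PARAM_INT); // value is bound, never concatenated
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

function renderRows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $value) {
            // Escape stored data on output so markup in item_name is not interpreted.
            $html .= '<td>' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE tbl_item (item_ID INTEGER PRIMARY KEY, item_name TEXT)');
$conn->exec('CREATE TABLE tbl_inventory (tbl_item_item_ID INTEGER, tbl_branch_branch_ID INTEGER, qty INTEGER)');
$conn->exec("INSERT INTO tbl_item VALUES (1, 'Hammer'), (2, '<b>Nails</b>')");
$conn->exec('INSERT INTO tbl_inventory VALUES (1, 2, 15), (2, 2, 400), (1, 3, 7)');

// Constructed requests: a valid branch, a missing field, a non-integer value.
foreach ([['Branch' => '2'], [], ['Branch' => '2x']] as $post) {
    try {
        echo renderRows(inventoryRows($conn, $post));
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ' . $e->getMessage() . "\n";
    }
}
```

It needs the `pdo_sqlite` extension; the request without a `Branch` field corresponds to the case that raised the "Undefined index" notice in the question.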