What is wrong with my PHP statement for preventing SQL Injection

Asked Dec 06 '15 at 20:38

Active Dec 06 '15 at 20:38

Viewed 23 times

but wanted to know what is wrong with my PHP statement, I wrote it to protect from SQL Injection attacks. It is storing variables from the previous page. Below is the error I get and I am not sure why?

Notice: Undefined index: name in C:\xampp\htdocs\westend\selectDate.php on line 10

Notice: Undefined index: email in C:\xampp\htdocs\westend\selectDate.php on line 11

This is my code, I do not get an error for production

<?php
session_start();
$host='localhost';
$user='root';
$pass='';
$db='theatre_booking';

$con= mysqli_connect($host,$user,$pass,$db);

$name= mysqli_real_escape_string($con, $_SESSION['name']);
$email = mysqli_real_escape_string($con, $_SESSION['email']);

$title = $_POST['production'];
$_SESSION["production"]=$title;



?>

asked Dec 06 '15 at 20:38

user5647516

1,083
1
9
19

Echo this isset($_SESSION['name'])...you will get the error...Actually in your session name and email is not stored thats why it is giving this error – Naruto Dec 06 '15 at 20:41
@Fred where has it been duplicated? i don't understand – user5647516 Dec 06 '15 at 20:42
you must check is the session variables are set or not by using the isset method. – marsahllDTitch Dec 06 '15 at 20:51
okay so i have to set the session variables 1st on the previous page then pass them onto $name= mysqli_real_escape_string($con, $_SESSION['name']); @mehdizahrane – user5647516 Dec 06 '15 at 21:14
you must set it in the 1st page and check it in the next page by using 'if(isset($_SESSION['name'])' – marsahllDTitch Dec 07 '15 at 19:33

What is wrong with my PHP statement for preventing SQL Injection

0 Answers0