
I had an issue with PHP. This code gave me an error:

<input type="text" name="comment">
<tr>
    <input type="submit" value="Post" name="Post">
    <?php
    if ($_POST['Post']) {
        if (!isset($_COOKIE["c_user"])) {
            die("Aby komentowac musisz byc zalogowany!");
        } else {
            $user = $_COOKIE["c_user"];
            $comment = mysql_real_escape_string($_POST['comment']);
            if ($_POST['comment'] && $_POST['$user']) {
                mysql_query("INSERT INTO posts (comments, user) VALUES ('$user', '$comment')");
            }
        }
    }
    ?>

The error looked like this:

Notice: Undefined index: Post in C:\xampp\htdocs\index.php on line 148.

I searched Stack Overflow and followed the answers. Then, after upgrading the code to this version:

<?php
if (isset($_POST['Post'])) {
    if ($_POST['comment']) {
        if (!isset($_COOKIE["c_user"])) {
            die("Aby komentowac musisz byc zalogowany!");
        } else {
            $user = $_COOKIE["c_user"];
            $comment = mysql_real_escape_string($_POST['comment']);
            if ($_POST['comment'] && $_POST['$user']) {
                mysql_query("INSERT INTO posts (comments, user) VALUES ('$user', '$comment')");
            }
        }
    } else {
        echo "Komentarz nie został wpisany.";
    }
} else {
    echo "Post nie jest ustawiony!";
}
?>

It still doesn't read the inner if statement and doesn't do the cookie check. Please help.

aynber

2 Answers


You should format your input fields in a form like this:

<form action="welcome.php" method="post">
    Value: <input type="text" name="post"><br>
    <input type="submit">
</form>

In the html form your action="" should be the place where your php code is (if your php code is on the same page as your html form you can leave this blank).

Next to that, you don't need to pick up the button within your PHP, only the form input field.

To check if your values have been set:

if(isset($_POST['post'])) {
    echo 'your value has been set';
}

For more information you can visit the w3schools page: W3 schools - form handling

Frank W.

Your first warning came from the fact that your form was not submitted, so there was no element in the superglobal $_POST-array named "Post". By reading PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" you'll see how to fix those (seems like you fixed them, too).

First off, I don't see any form tags. To be able to submit a form over $_POST, you'll need to wrap your inputs inside <form> tags. By default, forms submit over $_GET (will put the data in the URL), but what you most likely want is to submit over $_POST, so we specify the method-attribute.

<form method="POST">
    <input type="text" name="comment">
    <input type="submit" value="Post" name="Post">
</form>

I left out the action attribute, because it looks to me like you are placing your PHP on the same page as the HTML form.

You do a lot of checks in your PHP, and some of them make your script fail (for instance, $_POST['$user'] is likely the cause of your issue, because it's not checking for the variable, but the actual text $user. Also, the variable $user will never be a part of the $_POST-array), but we can make it a bit more compact and easier to read. This can also be put anywhere on that same PHP page; you don't need to place this code inside the <form>-tags.

if (isset($_POST['Post'])) {
    // Only enter this code if the form has been submitted
    if (!empty($_POST['comment'])) {
        if (!isset($_COOKIE["c_user"]))
            die("Aby komentowac musisz byc zalogowany!");  // If the cookie is not set, stop the script

        $user = $_COOKIE["c_user"];
        $comment = mysql_real_escape_string($_POST['comment']);

        // Column list matches the order of the values
        mysql_query("INSERT INTO posts (user, comments) VALUES ('$user', '$comment')");
    } else {
        echo "Komentarz nie został wpisany.";
    }
}

Your script is also vulnerable to SQL injection, so I strongly advise you to switch to either mysqli_* or PDO with prepared statements. An example of object-oriented MySQLi with prepared statements is given below:

$mysqli = new mysqli("localhost", "username", "password", "database");
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (".$mysqli->connect_errno.") ".$mysqli->connect_error;
}
$mysqli->set_charset("utf8");

$stmt = $mysqli->prepare("INSERT INTO posts (user, comments) VALUES (?, ?)");
$stmt->bind_param("ss", $user, $comment);
$stmt->execute();
$stmt->close();

Qirel
  • @PHP_Coder_1337 If this solved your issue, please mark this answer as "checked" by the green symbol under voting on this answer :) – Qirel Jan 11 '16 at 17:51
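
The second answer names PDO as the other option but only shows MySQLi. The block below is an added example, not code from either answer: it puts the submission checks and a PDO prepared statement in one function and shows that values containing quotes are stored as plain data. Assumptions: the helper name save_comment is hypothetical, an in-memory SQLite table (pdo_sqlite extension) stands in for the MySQL posts table so the script runs offline, and all inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: applies the same checks as the answer's handler,
// then inserts with bound parameters. Returns a status string.
function save_comment(PDO $pdo, array $post, array $cookie): string
{
    if (!isset($post['Post'])) {
        return 'not_submitted';      // the form was never posted
    }
    if (empty($post['comment'])) {
        return 'empty_comment';      // nothing was typed
    }
    if (!isset($cookie['c_user'])) {
        return 'not_logged_in';      // cookie check from the question
    }
    // Placeholders keep both values out of the SQL text, so quotes in
    // either field cannot change the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO posts (user, comments) VALUES (:user, :comment)'
    );
    $stmt->execute([
        ':user'    => $cookie['c_user'],
        ':comment' => $post['comment'],
    ]);
    return 'saved';
}

// Assumption: SQLite in memory instead of MySQL, so the example is offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, user TEXT, comments TEXT)');

// Constructed inputs: [simulated $_POST, simulated $_COOKIE]
$cases = [
    [['Post' => 'Post', 'comment' => 'Hello'],         ['c_user' => 'alice']],
    [['Post' => 'Post', 'comment' => ''],              ['c_user' => 'alice']],
    [['Post' => 'Post', 'comment' => 'No cookie'],     []],
    [['Post' => 'Post', 'comment' => "it's'); --"],    ['c_user' => "o'brien"]],
    [['comment' => 'Button name missing'],             ['c_user' => 'alice']],
];
foreach ($cases as [$post, $cookie]) {
    echo save_comment($pdo, $post, $cookie), PHP_EOL;
}

// Show what was actually stored, quotes included.
foreach ($pdo->query('SELECT user, comments FROM posts') as $row) {
    printf("%s | %s\n", $row['user'], $row['comments']);
}
```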