$_POST method showing undefine variable

Question

How to solve this i don't add data using by $_Post Method, but without $_POST method showing undefine variable?

if (isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['age'])){

        //Getting values
        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
        $age = $_POST['age'];

        //Creating an sql query
        $sql = "INSERT INTO info (firstname,lastname,age) VALUES ('$firstname','$lastname','$age')";

        //Importing our db connection script
        require_once('connect.php');

        //Executing query to database
        if(mysqli_query($con,$sql)){
            echo 'Employee Added Successfully';
        }else{
            echo 'Could Not Add Employee';
        }

        //Closing the database 
        mysqli_close($con);
    }

**Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Mar 12 '16 at 17:40
use `empty()` instead of `isset()` to determine if the value of the post variables are empty. — C.Liddell, Mar 12 '16 at 17:43
@YehiaAwad — XSS problems occur when outputting text into HTML (or JS and sometimes CSS). That isn't happening here. (Some other bit of PHP that isn't in the question might pull data out of a database and introduce an XSS problem, but it isn't here). — Quentin, Mar 12 '16 at 17:51
@Quentin what if I insert Data as and he just output it somewhere on his site — Yehia Awad, Mar 12 '16 at 17:54
@YehiaAwad — Exactly. "What if". We can't see the output code. — Quentin, Mar 12 '16 at 17:55
Specific problem i don't insert data, actually isset($_Post[]) method don't work properly, what i do?? — Azharul Islam, Mar 12 '16 at 18:03

Ikhlak S. · Answer 1 · 2016-03-12T18:23:12.567

1

You need to define your variables to something if $_POST is not set.

So code would look something like this:

$firstname = isset($_POST['firstname']) ? $_POST['firstname'] ? "";
$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : "";
$age = isset($_POST['age']) ? $_POST['age'] : "";
//if isset $_POST['age'] then assign it to $_POST['age'] else assign it to ""  



if (isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['age'])){

        //Creating an sql query
        $sql = "INSERT INTO info (firstname,lastname,age) VALUES ('$firstname','$lastname','$age')";

        //Importing our db connection script
        require_once('connect.php');

        //Executing query to database
        if(mysqli_query($con,$sql)){
            echo 'Employee Added Successfully';
        }else{
            echo 'Could Not Add Employee';
        }

        //Closing the database 
        mysqli_close($con);
    }

Bonus:

You code can be easily injected. Use prepared statements to avoid this.

$sql = "INSERT INTO info (firstname,lastname,age) VALUES (?,?,?)"; // question marks are placeholders to bind values to
$stmt = $con->prepare($sql); // prepare query
$stmt->bind_param("sss", $firstname, $lastname, $age); // bind values to your query
if($stmt->execute()){ // if success
    echo 'Employee Added Successfully';
}else{
    echo 'Could Not Add Employee';
}

You can learn more about it here

edited Mar 12 '16 at 18:23

answered Mar 12 '16 at 17:51

Ikhlak S.

8,578
10
57
77

if (isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['age'])), this line specific problem, without this line code is work, but showing undefined variable, – Azharul Islam Mar 12 '16 at 18:01
@AzharulIslam Can you add some more of your code. Code related to the variables $firstname, $lastname and $age – Ikhlak S. Mar 12 '16 at 18:08
@AzharulIslam did you try my code? if not give it a try. I think this is what you are looking for – Ikhlak S. Mar 12 '16 at 18:10
, this is connect.php, – Azharul Islam Mar 12 '16 at 18:13
yeh, but same answer – Azharul Islam Mar 12 '16 at 18:20
@AzharulIslam What is the full error you are getting? – Ikhlak S. Mar 12 '16 at 18:21
can u help me about json data parsing in php & mysql?? any link ?? @user3284463 – Azharul Islam Mar 12 '16 at 18:23
there is no error but dont showing successfully added, – Azharul Islam Mar 12 '16 at 18:25
@AzharulIslam take a look at this: http://php.net/manual/en/function.json-encode.php – Ikhlak S. Mar 12 '16 at 18:25
@AzharulIslam add a picture of the error you are getting to your question – Ikhlak S. Mar 12 '16 at 18:25

score 0 · Answer 2 · answered Mar 12 '16 at 17:45

0

Try changing this one:

$sql = "INSERT INTO info (firstname,lastname,age) VALUES ('$firstname','$lastname','$age')";

To this one:

$sql = "INSERT INTO info (firstname,lastname,age) VALUES ('".$firstname."','".$lastname."','."$age."')";

answered Mar 12 '16 at 17:45

lulu

24
6

@C.Liddell Yes you are right. Try using empty() instead of isset(). – lulu Mar 12 '16 at 18:00
@Azharul Islam Maybe it is $_GET not $_POST ? :D (sorry to post here, I cannot post comment to your question) Where did the variables came from? Can you post more code? – lulu Mar 12 '16 at 18:11

$_POST method showing undefine variable

2 Answers2