I wonder how i'm getting the Error "Notice: undefined variable", when I redirect to main page after inserting values to db

Question

This is my php code
       <?php
$host = "localhost";
$username = "root";
$password = "";
$db_name = "test1";
$tbl_name = "test_mysql";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$name = (isset($_POST['name'])) ? $_POST['name'] : '';
$lastname = (isset($_POST['lastname'])) ? $_POST['lastname'] : '';
$email = (isset($_POST['email'])) ? $_POST['email'] : '';
$sql = "INSERT INTO $tbl_name(name, lastname, email)VALUES('$name', '$lastname', '$email')";
$result = mysql_query($sql);

if ($result) {
    echo "Successful";
    echo "<BR>";
    echo "<a href='insert_ac.php'>Back to main page</a>";
} else {
    echo "ERROR";
}
mysql_close();`enter code here`

?>

I am able to insert values to db,but after that if i click "back to main page" to insert more, i am getting the errors as shown below

Notice: Undefined variable: name in      C:\xampp\htdocs\PhpProject3(Insert)\insert_ac.php on line 25
Notice: Undefined variable: lastname in C:\xampp\htdocs\PhpProject3(Insert)\insert_ac.php on line 25
Notice: Undefined variable: email in C:\xampp\htdocs\PhpProject3(Insert)\insert_ac.php on line 25

Successfully Inserted
To insert more...Back to main page
How can I fix this???

Thanks..the problem was with where i am redirecting.i was trying to redirect to the same page — MaryAnn, Jun 02 '16 at 09:48

score 1 · Answer 1 · answered Jun 02 '16 at 08:56

Before you put $_POST variables in a database you need to check and validate them thouroughly.

// start by making all posted varibales local, this is safe because of the prefix
extract($_POST,EXTR_PREFIX_ALL,'post');
// first check if all wanted variables exist
if (isset($post_name) &&
    isset($post_lastname) &&
    isset($post_email))
{
  // now make the variables safe for insertion
  $name     = mysql_real_escape_string($post_name);
  $lastname = mysql_real_escape_string($post_lastname);
  $email    = mysql_real_escape_string($post_email);
  // only then insert them in the database
  $sql      = "INSERT INTO $tbl_name (name,lastname,email) 
               VALUES ('$name','$lastname','$email')";
  $result   = mysql_query($sql);
  echo ($result ? 'Success' : 'Failure');
}

I left out a few bits, like making the db connection.

The mysql extension is deprecated, please do not use it.

score 0 · Answer 2 · answered Jun 02 '16 at 08:43

0

Well, maybe define it even if it didn't get a value? You should know what you want to do if there is no POST data.

if(isset($_POST['name'])){
  $name = $_POST['name'];
}else{
  $name='';
}

answered Jun 02 '16 at 08:43

Viktor Koncsek

564
3
13

1

This is only half solution because when form is not send your code will add empty values into db – nospor Jun 02 '16 at 08:45
Yes, this is why i said he should know what he wants to do without data :) – Viktor Koncsek Jun 02 '16 at 08:49
@MaryAnn Then you did it wrong again. – Viktor Koncsek Jun 02 '16 at 08:57

nospor · Answer 3 · 2016-06-02T08:52:37.380

0

You should put data into db only after data are send by post, so you must first check if form is send:

if (!empty($_POST)) { //HERE you check if form is send

if(isset($_POST['name'])){ $name = $_POST['name']; } 
if(isset($_POST['lastname'])){ $lastname = $_POST['lastname']; } 
if(isset($_POST['email'])){ $email = $_POST['email']; } 
$sql="INSERT INTO $tbl_name(name, lastname, email)VALUES('$name', '$lastname', '$email')";
$result=mysql_query($sql);
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='insert_ac.php'>Back to main page</a>";
}
else {
echo "ERROR";
}
}
?>

edited Jun 02 '16 at 08:52

answered Jun 02 '16 at 08:44

nospor

4,190
1
16
25

'This is only half solution because when form is not send your code will add empty values into db' So if I POST something but not name lastname email, it still inserts empty values. 'half answer' – Viktor Koncsek Jun 02 '16 at 08:56
It will happen only happen when author will have wrong form or he will be attacked. if you want, you can check all fields and if all exists then make insert. But for this moment I think it resolve author problem. – nospor Jun 02 '16 at 09:02

score 0 · Answer 4 · answered Jun 02 '16 at 09:18

Use ternary operator or assign blank value through if else statement. You need to assign default value to variable.

Try this one :

<?php
$host = "localhost";
$username = "root";
$password = "";
$db_name = "test1";
$tbl_name = "test_mysql";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$name = (isset($_POST['name'])) ? $_POST['name'] : '';
$lastname = (isset($_POST['lastname'])) ? $_POST['lastname'] : '';
$email = (isset($_POST['email'])) ? $_POST['email'] : '';
$sql = "INSERT INTO $tbl_name(name, lastname, email)VALUES('$name', '$lastname', '$email')";
$result = mysql_query($sql);

if ($result) {
    echo "Successful";
    echo "<BR>";
    echo "<a href='insert_ac.php'>Back to main page</a>";
} else {
    echo "ERROR";
}
mysql_close();

Now i am able to add data to db, but the problem is with redirection..which can be corrected by changing insert_ac.php,where i am redirecting to same page..Thanks for the help!! — MaryAnn, Jun 02 '16 at 10:04

I wonder how i'm getting the Error "Notice: undefined variable", when I redirect to main page after inserting values to db

4 Answers4