undefined variable in php(error)

Question

undefined variables(name, email, adm,add) on line 16 ....error is coming.....kindly help me to remove error here is my code

<?php

$con = mysqli_connect('localhost','root','');
if(!$con) { 
    echo 'not connected to database';
}
if(!mysqli_select_db($con,'student')) {
    echo 'database not selected';
}
if (isset($_POST['name'])){$name = $_POST['name'];}
if (isset($_POST['email'])){$email= $_POST['email'];}
if (isset($_POST['address'])){$add = $_POST['address'];}
if (isset($_POST['admission'])){$adm = $_POST['admission'];}

/*line:16*/                                                                        
$sql = "INSERT INTO student_record (name,email,address,joining_date) VALUES('$name','$email','$add','$adm')";
if ( !mysqli_query($con,$sql)) {
    echo 'not inserted';
} else {
    echo'inserted';
}

?>

Well, looking at your `if` statements, it looks like your `$_POST` data isn't getting set correctly. Try `echo`ing the value of your `$_POST` variables. — Hopeful Llama, Jun 14 '16 at 12:35
Please use matching tags. This has *nothing* to do with CakePHP at all. If this is code from a CakePHP application it's totally not using the framework at all... I've corrected the tags already. — floriank, Jun 14 '16 at 12:58
You should take a look at this http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index — Marc Giroux, Jun 14 '16 at 13:02
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Jun 14 '16 at 13:05

Akshay Sharma · Answer 1 · 2016-06-15T08:18:15.320

This is due to you have not initialize your variable before the if conditions . if POST data not found then all 4 variables not set then error come. Plz try this

if($_POST){
    $con = mysqli_connect('localhost','root','');
    if(!$con)
    { 
        echo 'not connected to database';
    }
    if(!mysqli_select_db($con,'student'))
    {
        echo 'database not selected';
    }

    $error  =   true;
    $errorMessage   =   '';
    if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['address']) || empty($_POST['admission'])){
        $error  =   false;
        if(empty($_POST['name'])){
            $errorMessage   =   'Please enter name <br/>';
        }
        if(empty($_POST['email'])){
            $errorMessage   .=  'Please enter email <br/>';
        }
        if(empty($_POST['address'])){
            $errorMessage   .=  'Please enter address <br/>';
        }
        if(empty($_POST['admission'])){
            $errorMessage   .=  'Please enter admission <br/>';
        }
    }
    if($error){
        $name   = mysql_real_escape_string($_POST['name']);
        $email  = mysql_real_escape_string($_POST['email']);
        $add    = mysql_real_escape_string($_POST['address']);
        $adm    = mysql_real_escape_string($_POST['admission']);

        /*line:16*/                                                                        
        $sql = "INSERT INTO student_record (name,email,address,joining_date) VALUES('$name','$email','$add','$adm')";
        if ( !mysqli_query($con,$sql))
        {
            echo 'not inserted';
        }else{
            echo'inserted';
        }
    }else{
        echo $errorMessage;
    }
}

Not answering the question, but important to point out that your SQL query is totally insecure and vulnerable to SQL injection attacks. If a hacker posts data to your form containining quote marks, he can basically rewrite your SQL. You **must** use proper escaping or prepared queries to avoid this kind of issue. — Simba, Jun 14 '16 at 13:02
thankyou so much for ur answer......it removed my error but printing "not inserted" — Farhana Maryam, Jun 14 '16 at 17:39
@FarhanaMaryam plz check now. i have modified my answer. if have nay issue then plz let me know — Akshay Sharma, Jun 15 '16 at 08:19

score 0 · Answer 2 · edited Jun 15 '16 at 04:36

0

I think you are not getting any post data. Just add a if condition before the execution

if($_POST){  /*Do stuff check for the post['name'] run your SQL query */

as the post is not defined your POST['name'] is not set and it does not go the if block and remains not set.

edited Jun 15 '16 at 04:36

marc_s

732,580
175
1,330
1,459

answered Jun 14 '16 at 12:42

Sandeep

155
1
14

undefined variable in php(error)

2 Answers2