POST method error in php while creating the form?

Question

This is my form in HTML.

   <html>
<head>
</head>
<body>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form id="form" name="form" method="POST" action="add_new_topic.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3" bgcolor="#E6E6E6"><strong>Create New Topic</strong> </td>
</tr>
<tr>
<td width="14%"><strong>Topic</strong></td>
<td width="2%">:</td>
<td width="84%"><input name="topic" type="text" id="topic" size="50" /></td>
</tr>
<tr>
<td valign="top"><strong>Detail</strong></td>
<td valign="top">:</td>
<td><textarea name="detail" cols="50" rows="3" id="detail"></textarea></td>
</tr>
<tr>
<td><strong>Name</strong></td>
<td>:</td>
<td><input name="name" type="text" id="name" size="50" /></td>
</tr>
<tr>
<td><strong>Email</strong></td>
<td>:</td>
<td><input name="email" type="text" id="email" size="50" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /> 
<input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>

This is add_new_topic.php code.

<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="myforum"; // Database name 
$tbl_name="fquestions"; // Table name 

// Connect to server and select database.
$con = mysqli_connect("$host", "$username", "$password" , "$db_name");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  } 
mysqli_select_db($con,"$db_name")or die("cannot select DB");

// get data that sent from form 
$topic=$_POST['topic'];
$detail=$_POST['detail'];
$name=$_POST['name'];
$email=$_POST['email'];

$datetime=date("d/m/y h:i:s"); //create date time

$sql="INSERT INTO '$tbl_name'('topic',' detail', 'name', 'email', 'datetime')VALUES('topic', 'detail', 'name', 'email', 'datetime')";
$result=mysqli_query($con,$sql);

if($result){
echo "Successful<BR>";
echo "<a href=main_forum.php>View your topic</a>";
}
else {
echo "ERROR";
}
mysqli_close($con);
?>

It shows the error :

Notice: Undefined index: topic in C:\xampp\htdocs\myforum\add_new_topic.php on line 18

Notice: Undefined index: detail in C:\xampp\htdocs\myforum\add_new_topic.php on line 19

Notice: Undefined index: name in C:\xampp\htdocs\myforum\add_new_topic.php on line 20

Notice: Undefined index: email in C:\xampp\htdocs\myforum\add_new_topic.php on line 21 ERROR

HERE,on line 18,19,20 and 21 the following code lies.

$topic=$_POST['topic'];
$detail=$_POST['detail'];
$name=$_POST['name'];
$email=$_POST['email'];

Now what is the error in this POST method?

You're open to SQL injections. You aren't passing variables to your query. Your query is using quotes for tables/columns, those should be backticks. `d/m/y h:i:s` is not the mysql datetime format. You don't need `mysqli_select_db` because you already assign that in the connection. As to your question why the errors, what does the `$_POST` contain? Is the HTML form on `add_new_topic.php`? — chris85, Nov 01 '16 at 04:45

Ishaque Javed · Answer 1 · 2016-11-01T05:13:41.377

1

before getting post value add a condition if post value is not empty like this:

  <?php

    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="myforum"; // Database name 
    $tbl_name="fquestions"; // Table name 

    if(isset($_POST) && !empty($_POST)){
    // Connect to server and select database.
    $con = mysqli_connect("$host", "$username", "$password" , "$db_name");
    if (mysqli_connect_errno())
      {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
      } 
    mysqli_select_db($con,"$db_name")or die("cannot select DB");

    // get data that sent from form 
    $topic=$_POST['topic'];
    $detail=$_POST['detail'];
    $name=$_POST['name'];
    $email=$_POST['email'];

    $datetime=date("d/m/y h:i:s"); //create date time

  $sql="INSERT INTO '$tbl_name'('topic',' detail', 'name', 'email', 'datetime')VALUES('$topic', '$detail', '$name', '$email', '$datetime')";

    if($result){
    echo "Successful<BR>";
    echo "<a href=main_forum.php>View your topic</a>";
    }
    else {
    echo "ERROR";
    }
    mysqli_close($con);
    }
    ?>

edited Nov 01 '16 at 05:13

answered Nov 01 '16 at 04:40

Ishaque Javed

193
2
3
14

1

miss the quotes '$topic'........etc – Karthi Nov 01 '16 at 04:47
please mention where I have did mistake? – Ishaque Javed Nov 01 '16 at 05:11
1

in your `insert query values('')` miss the quotes – Karthi Nov 01 '16 at 05:12
ohh sorry I didn't watched the code properly . – Ishaque Javed Nov 01 '16 at 05:13
do i need to use 'mysqli_select_db'. – S. Shrestha Nov 01 '16 at 14:16
`$result=mysqli_query($con,$sql);` where is this code .don`t we need this or what. – S. Shrestha Nov 01 '16 at 14:27

POST method error in php while creating the form?

1 Answers1