-2

I am making feedback page, but it is producing some errors. i don't understand what is wrong. Please help me figure out where i am doing wrong. when i submit the form the errors goes away and produce right result,but when i refresh the page it produces same errors again

<?php
$name = $_POST['name'];       // error undefined index name
$suggestion = $_POST['suggest'];  // error undefined index suggest
$opinion = $_POST['opinion']; // error undefined index opinion
$submit = $_POST['submit']; // error undefined index submit

if(isset($submit)){
    $sql= mysqli_query($con,"insert into feedback (name,suggestion,opinion) values ('$name','$suggestion','$opinion')");
    if($sql==true){?>
        <div class="alert alert-info">
       Thankyou for your suggestions. we will notify the admins.
</div>
<?php
    }

}


?>
<body>
<div class="feedback">

<form action="feedback.php" method="post"> 
<h1> Help us improve our website</h1>
<h2>Please drop your suggestion below</h2>

  <div class="form-group">
    <label >Your Name:</label>
    <input type="text" class="form-control" name="name" required>
  </div>
  <div class="form-group">
    <label for="comment">Your suggestion</label>
  <textarea class="form-control" name="suggest" rows="5" id="comment" required ></textarea>
  </div>
    <p>Were you satisfy with this website?</p>
   <label class="checkbox-inline">
      <input type="checkbox" name="opinion"value="1"> yes
    </label>
    <label class="checkbox-inline">
      <input type="checkbox" name="opinion" value="2"> no
    </label>
    <label class="checkbox-inline">
      <input type="checkbox" name="opinion" value="3"> may be
    </label>
    <br /><br />
  <button type="submit" name="submit" class="btn btn-primary">Submit</button>

</form>


</div>
</body>
Maliha Khan
  • 15
  • 1
  • 6
  • You are open to SQL injections. Use parameterized queries. http://php.net/manual/en/mysqli.quickstart.prepared-statements.php – chris85 Dec 05 '16 at 21:57

3 Answers3

0

When initially rendering the page, it's unable to locate the index (ie. value) for $_POST array (name, suggest, etc.). That's because there is no $_POST data until you submit the form. When you submit the form, $_POST contains data, including those indexes, so it's able to successfully render the page.

You should check to see if the variable has been set or not. Something along these lines will do that:

if (isset($_POST["name"]) {
    $name = $_POST["name"];
}

You can do this for each variable.

I also recommend including that within the submit condition, as it should only check for that data if the form was submitted.

Additionally, you should look into using prepared statements or input sanitization as you are setting yourself up for SQL Injection with the mysqli query.

princessjackie
  • 565
  • 3
  • 13
-1

That's because parameters passed with post method are related only to a specific page request. When you refresh the page, browsers usually ask you if you want to send forms again, otherwise the request is sent without additional data.

Matteo Pariset
  • 114
  • 3
-1

Your issue is exactly what the error states, your $_POST array is empty when the page is first loaded, and it is not empty (so you do not get the error) when you have POSTED the form.

replace your variable declarations as follows to make sure they are properly declared incase the $_POST array is empty:

$name = isset($_POST['name']) ? $_POST['name'] : "";      
$suggestion = isset($_POST['suggest']) ? $_POST['suggest'] : ""; 
$opinion = isset($_POST['opinion']) ? $_POST['opinion'] : ""; 
$submit = isset($_POST['submit']) ? $_POST['submit'] : "";

if(isset($submit) && $submit != ""){
  // your insert code here
}
coderodour
  • 1,072
  • 8
  • 16