1

Hi guys i'm having a problem in my php script and it says

Notice: Undefined index: Name in /storage/h6/881/1096881/public_html/InsertScore.php on line 16

Notice: Undefined index: Score in /storage/h6/881/1096881/public_html/InsertScore.php on line 16

Notice: Undefined variable: hash in /storage/h6/881/1096881/public_html/InsertScore.php on line 17

try {
        $dbh = new PDO('mysql:host='. $hostname .';dbname='. $database,   $username, $password);
    } catch(PDOException $e) {
        echo '<h1>An error has ocurred.</h1><pre>', $e->getMessage() ,'</pre>';
    }

    $realHash = md5($_GET['Name'] . $_GET['Score'] . $secretKey); 
    if($realHash == $hash) { 
        $sth = $dbh->prepare('INSERT INTO getdataofplayer VALUES (null, :Name, :Score)');
        try {
            $sth->execute($_GET);
        } catch(Exception $e) {
            echo '<h1>An error has ocurred.</h1><pre>', $e->getMessage() ,'</pre>';
        }
    }
SzymonM
  • 904
  • 8
  • 14
Ginxxx
  • 1,602
  • 2
  • 25
  • 54
  • The answer is in your problem. Notice: **Undefined** index. And [read this](http://stackoverflow.com/a/4261200/7431119) – Condorcho Mar 21 '17 at 15:22
  • @Condorcho just following the tuts here http://wiki.unity3d.com/index.php?title=Server_Side_Highscores – Ginxxx Mar 21 '17 at 15:29
  • `// Strings must be escaped to prevent SQL injection attack. $name = mysql_real_escape_string($_GET['name'], $db); $score = mysql_real_escape_string($_GET['score'], $db); $hash = $_GET['hash'];` You missed that part. – Condorcho Mar 21 '17 at 15:30
  • i use PDO query sir – Ginxxx Mar 21 '17 at 15:33
  • Yes, misread. You just need to define the variables that are undefined. `$name = $_GET['name']`, etc. Remember to sanitize before inserting. – Condorcho Mar 21 '17 at 15:37
  • @Condorcho i already tried that but still it keeps giving me an undefined index error – Ginxxx Mar 21 '17 at 15:40
  • What's line 16? I'm assuming it's `$realHash = ....`. If so, make sure you're passing `Name` and `Score` in the URL. – Condorcho Mar 21 '17 at 15:58
  • @Condorcho what do you mean passing **Name** and **Score** in the URL? i don't get it sorry – Ginxxx Mar 21 '17 at 16:02
  • You should have something like `addscore.php?Name=SOMETHING&Score=SOMETHING` – Condorcho Mar 21 '17 at 16:04
  • http://jresoor12345.000webhostapp.com/InsertScore.php?Name=John%20Doe&Score=100&hash=mySecretKey. it doesn't add on my database sir – Ginxxx Mar 21 '17 at 16:06

0 Answers0