
I'm trying to code for a blog where I can easily update contents and add categories using PHP. I don't know much PHP, so a friend sent some code over. Every time I log in to the blog, I get these errors:

```
Notice: Undefined index: username in C:\xampp\htdocs\cms-blog\cms-blog.php on line 41
Notice: Undefined index: mode in C:\xampp\htdocs\cms-blog\cms-blog.php on line 101
Notice: Undefined index: j in C:\xampp\htdocs\cms-blog\cms-blog.php on line 106
Notice: Undefined offset: 0 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 1 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 2 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 3 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 4 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 5 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 6 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 7 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 8 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: 9 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 111
Notice: Undefined offset: -2 in C:\xampp\htdocs\cms-blog\cms-blog.php on line 281
```

I really don't know where the error is from or how to fix it. Here is the PHP code from the blog home page after logging in.

```php
<?php
include_once"config.php";

$U=$_POST['username'];
if (!isset($U)){$U=$_GET['username'];}
if (isset($U)&&preg_match("/[A-Za-z0-9_]{6,20}$/",$U)){$check_user_data = mysql_query("SELECT * FROM blogmembers WHERE username='$U'") or die(mysql_error());
if(mysql_num_rows($check_user_data)==0){unset($U);}}else{unset($U);}
if (!isset($U)){echo '<script language="javascript">alert("Please login.");window.location="blog-login.php"; </script>';}

if($U<>"xrystal"){$am_i_admin="cms-blog.php";$thelinktext="";$am_i_admin2="cms-blog.php";$thelinktext2="";}else{$thelinktext="Create New Topic";$am_i_admin="cms-create-blog-topic.php?username=".$U;$thelinktext2="Edit Categories";$am_i_admin2="cms-blog-edit-category.php?username=".$U;}

$sql = "CREATE TABLE IF NOT EXISTS blog_question (
id int(4) NOT NULL auto_increment,
topic varchar(255) NOT NULL default '',
detail text NOT NULL,
name varchar(65) NOT NULL default '',
email varchar(65) NOT NULL default '',
datetime varchar(25) NOT NULL default '',
category varchar(30) NOT NULL default '',
open tinyint(1) NOT NULL default '1',
topics_username varchar(20) NOT NULL,
view int(4) NOT NULL default '0',
reply int(4) NOT NULL default '0',
PRIMARY KEY (id)
) ENGINE=MyISAM AUTO_INCREMENT=1";

mysql_query($sql);

$sql = "CREATE TABLE IF NOT EXISTS blog_answer (
id int(4) NOT NULL auto_increment,
question_id int(4) NOT NULL default '0',
a_id int(4) NOT NULL default '0',
a_name varchar(65) NOT NULL default '',
a_email varchar(65) NOT NULL default '',
a_answer text NOT NULL,
a_datetime varchar(25) NOT NULL default '',
PRIMARY KEY (id)
) ENGINE=MyISAM AUTO_INCREMENT=1";

mysql_query($sql);

$cat=array();

$res = mysql_query("SELECT category FROM blogcategories order by category") or die(mysql_error());
while ($row = mysql_fetch_row($res)) {
array_push ($cat, $row[0]);
}

$num_cats_in_table=mysql_num_rows($res);

$tbl_name="blog_question";

$ids=array();

$res = mysql_query("SELECT id FROM $tbl_name ORDER BY id DESC") or die(mysql_error());
while ($row = mysql_fetch_row($res)) {
array_push ($ids, $row[0]);
}

$num_topics=mysql_num_rows($res);

echo "<center><div id='ti'><h2>Blacck Xrystal</h2></div></center>";

$mode=$_GET["mode"];
if(!isset($mode)){$mode=-2;}

if($mode==-2){ //10 topic groups

$j=$_GET['j'];if(!isset($j)){$j=10;}
$k=$j-10;

for ($i=$k;$i<$j;$i++) {

$res = mysql_query("SELECT * FROM $tbl_name WHERE id='$ids[$i]' ORDER BY id DESC") or die(mysql_error());
while($rows=mysql_fetch_array($res)){
$id=$rows['id'];
?>
```

That's line 38 to 114.

```php
<?php
}else{

$res = mysql_query("SELECT * FROM blog_question WHERE category='$cat[$mode]' ORDER BY id DESC") or die(mysql_error());
while($rows=mysql_fetch_array($res)){
$id=$rows['id'];
?>
```

That's 278 to 284, where the other error is. Thanks in advance for the answers and criticism too.

Xrystal
  • FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde Apr 24 '17 at 01:35
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Apr 24 '17 at 01:35
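
The prepared-statement advice in the comments, applied to the question's two request-driven queries together with guarded reads of `username` and `mode`; this is an added example, not code from the asker or the commenter. The helper names (`param`, `valid_username`, `member_exists`, `topics_in_category`) are hypothetical, the rows are constructed, and it assumes the `pdo_sqlite` driver is loaded so an in-memory database can stand in for MySQL.

```php
<?php
// Added example, not the asker's code. Assumes pdo_sqlite is loaded; an
// in-memory SQLite database stands in for the MySQL tables on the page.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blogmembers (username TEXT PRIMARY KEY)');
$pdo->exec('CREATE TABLE blog_question (id INTEGER PRIMARY KEY, topic TEXT, category TEXT)');
$pdo->exec("INSERT INTO blogmembers VALUES ('xrystal')");   // constructed rows
$pdo->exec("INSERT INTO blog_question (topic, category) VALUES ('Hello', 'news')");

// Read a request value without touching a missing key (no "Undefined index").
function param(array $request, string $key): ?string
{
    $v = $request[$key] ?? null;
    return is_string($v) ? $v : null;
}

// The question's pattern has only "$", so it constrains just the end of the
// value. \A ... \z requires the whole value to be 6-20 word characters.
function valid_username(?string $u): bool
{
    return $u !== null && preg_match('/\A[A-Za-z0-9_]{6,20}\z/', $u) === 1;
}

function member_exists(PDO $pdo, ?string $u): bool
{
    if (!valid_username($u)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT 1 FROM blogmembers WHERE username = ?');
    $stmt->execute([$u]);   // bound as data, never concatenated into the SQL text
    return $stmt->fetchColumn() !== false;
}

function topics_in_category(PDO $pdo, array $cats, ?string $mode): array
{
    // ctype_digit() rejects "", "-2" and non-numeric text; isset() guards the offset.
    if ($mode === null || !ctype_digit($mode) || !isset($cats[(int) $mode])) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, topic FROM blog_question WHERE category = ? ORDER BY id DESC');
    $stmt->execute([$cats[(int) $mode]]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$cats = ['news'];   // constructed; the page fills this from blogcategories
var_dump(member_exists($pdo, param(['username' => 'xrystal'], 'username')));
var_dump(topics_in_category($pdo, $cats, param([], 'mode')));
```

Against MySQL, the DSN passed to `new PDO(...)` changes while the prepared statements inside the functions stay the same.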
