1

Currently I'm developing contact us form what is my question when i run that script on localhost, the name field and email field inside error has appeared like:

(<br /><b>Notice</b>:  Undefined index: name in <b>E:\wamp\www\rrr\btech\index.php</b> on line <b>49</b><br />)
(<br /><b>Notice</b>:  Undefined index: email in <b>E:\wamp\www\rrr\btech\index.php</b> on line <b>49</b><br />)

after click the submit the response will be undefined syntax error.

<tr>
<td valign="bottom"><span class="contactus-txt">
  <input name="textfield222" type="text" class="contact-field" style="width:125px;"   value="<?php echo $_GET['name'];?>" />
</span></td>
<td valign="bottom"><span class="contactus-txt">
  <input name="textfield2222" type="text" class="contact-field" style="width:125px;"  value="<?php echo $_GET['Email-Id'];?>"/>
</span></td>
</tr>

I used that html code.

Can any one tell me what mistake I made?

badp
  • 11,409
  • 3
  • 61
  • 89
magna
  • 293
  • 4
  • 5
  • 13

2 Answers2

7

Here goes the right way:

<?php
$FORM['name'] = "";
$FORM['Email-Id'] = "";
if (isset($_GET['name'])) $FORM['name'] = htmlspecialchars($_GET['name']);
if (isset($_GET['Email-Id'])) $FORM['Email-Id'] = htmlspecialchars($_GET['Email-Id']);
?>
<tr>
<td valign="bottom"><span class="contactus-txt">
  <input name="textfield222" type="text" class="contact-field" style="width:125px;"   value="<?php echo $FORM['name'];?>" />
</span></td>
<td valign="bottom"><span class="contactus-txt">
  <input name="textfield2222" type="text" class="contact-field" style="width:125px;"  value="<?php echo $FORM['Email-Id'];?>"/>
</span></td>

All variables should be initialized before use.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • Whilst I am in full favour of 'sticking to the rules' I never bother with these notices, I think turning E_NOTICE off is perfectly fine in this case. I develop without E_NOTICE, if I checked isset on every variable it would be so time consuming! Feel free to disagree! – kieran Jan 07 '11 at 12:50
  • @kieran a first attempt to debug not a chicken-size application will reassure you. – Your Common Sense Jan 07 '11 at 12:53
  • @kieran notices can contain valuable information about typos and uninitialized variables, so turning off notices is not a good thing. I [agree it sucks](http://stackoverflow.com/questions/1960509/isset-and-empty-make-code-ugly) to have to do this for request variables, but it's the way it is – Pekka Jan 07 '11 at 12:54
  • So you're saying instead of checking a variable the following way: if($s) { echo 'test'; } you do if(isset($s) && $s){ echo 'test'; } every time that $s may not be defined? – kieran Jan 07 '11 at 12:58
  • 1
    @kieran: A crappy function like this makes it a bucketload shorter to be E_STRICT compliant: `function ifnull(&$var, $default) { if (isset($var) && $var !== null) return $var; return $default; } $foo = ifnull($_GET['foo'], 1);` – Shabbyrobe Jan 07 '11 at 12:58
  • @kieran as you can see, I am never doing it this way. **I do initialize a variable first** by assigning whatever value to it, and only then use it in the code. – Your Common Sense Jan 07 '11 at 13:07
4

Your question is not all that clear. I assume you have an action for this form and either a post or get method?

From the two inputs I can see, your values should appear in the $_POST variable as $_POST['textfield222'] and $_POST['textfield2222'] for the post method and $_GET['textfield222'] and $_GET['textfield2222'] if the form is using the get method.

As a general rule, never trust user input - validate the forms data before using it.

I hope this is of use.

user466764
  • 1,201
  • 7
  • 7
  • 1
    a big +1 for "never trust user input". the rest of the answer is good too, but oh boy, I shudder when I see $_GET or $_POST being echoed straight back (or worse) without even being escaped let alone validated. – Spudley Jan 07 '11 at 13:04
  • @Spudley as a matter of fact, this sentence has a very little to do in this very case. – Your Common Sense Jan 07 '11 at 13:08