I'm not that new to HTML but I am still very new to PHP. Right now I've created a MySQL Database using XAMPP and within that I can see all my tables (as expected). I've got a PHP script that displays all the information in one of my tables. The table has NULL values in it because the user is supposed to input information into it and then click a button that says Update and it's supposed to update my database and table with said values. (If any of the above confused you, hopefully what's written after the scripts will clarify it). Here are my scripts:

NOTE: the dbconnect.php script simply contains my connection to my database

index.php

<?php
require_once('dbconnect.php');
$query = "SELECT * FROM event_list";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
?>

<table width="auto" border="1" cellspacing="1" cellpadding="0">
    <form name="form1" method="post" action="results.php">
        <tr>
            <td>
                <table width="auto" border="1" cellspacing="1"     cellpadding="0">
                    <tr>
                        <td align="center"><strong>Event ID</strong></td>
                        <td align="center"><strong>Title</strong></td>
                        <td align="center"><strong>Topic</strong></td>
                        <td align="center"><strong>Description</strong></td>
                        <td align="center"><strong>Event Date</strong></td>
                        <td align="center"><strong>Speaker</strong></td>
                        <td align="center"><strong>Building</strong></td>
                        <td align="center"><strong>Room</strong></td>
                    </tr>

                    <?php                    
                        while($rows=mysqli_fetch_array($result)) {
                    ?>

                    <tr>
                        <?php
                            $id[]=$rows['event_id'];
                        ?>
                        <td align="center">
                            <?php echo $rows['event_id'];?>
                        </td>
                        <td align="center">
                            <input name="title[]" type="text" id="title" value="<?php echo $rows['title']; ?>">
                        </td>
                        <td align="center">
                            <?php echo $rows['topic_name']; ?>
                        </td>
                        <td align="center">
                            <?php echo $rows['topic_description']; ?>
                        </td>
                        <td align="center">
                            <input name="date[]" type="date" id="date" value="<?php echo $rows['event_date']; ?>">
                        </td>
                        <td align="center">
                            <input name="speaker[]" type="text" id="speaker" value="<?php echo $rows['speaker_name']; ?>">
                        </td>
                        <td align="center">
                            <input name="building[]" type="text" id="building" value="<?php echo $rows['building_name']; ?>">
                        </td>
                        <td align="center">
                            <input name="room[]" type="text" id="room" value="<?php echo $rows['room_name']; ?>">
                        </td>
                    </tr>

                    <?php
                        }
                    ?>

                    <tr>
                        <td colspan="8" align="center"><input type="submit" name="Update" value="UPDATE"></td>
                    </tr>
                </table>
            </td>
        </tr>
    </form>
</table>

results.php

the script that the index.php script is going to

    <?php
    require_once('dbconnect.php');
    $query = "SELECT * FROM event_list";
    $result = mysqli_query($conn, $query);
    $count = mysqli_num_rows($result);

    if ($_SERVER["REQUEST_METHOD"] == "POST")
    {
        $id = $_POST['event_id']; <!-- variable -->
        $title2 = $_POST['title'];
        $date2 = $_POST['date'];
        $speaker2 = $_POST['speaker'];
        $building2 = $_POST['building'];
        $room2 = $_POST['room'];

        for($i=0;$i<$count;$i++) {
            echo "Title: ".$title2[$i]."<br>";
            $sql="UPDATE events SET title=$title2[$i], event_date='$date2[$i]', speaker_name='$speaker2[$i]', 
            building_name='$building2[$i]', room_name='$room2[$i]' 
            WHERE event_id='$id[$i]'"; <!-- error here -->
            $result1=mysqli_query($conn, $sql);
        }

    }
    ?>

        <table width="auto" border="1" cellspacing="1" cellpadding="0">
            <form name="form1" method="post" action="index.php">
                <tr>
                    <td>
                        <table width="auto" border="1" cellspacing="1" cellpadding="0">
                            <tr>
                                <td align="center"><strong>Event ID</strong></td>
                                <td align="center"><strong>Title</strong></td>
                                <td align="center"><strong>Topic</strong></td>
                                <td align="center"><strong>Description</strong></td>
                                <td align="center"><strong>Event Date</strong></td>
                                <td align="center"><strong>Speaker</strong></td>
                                <td align="center"><strong>Building</strong></td>
                                <td align="center"><strong>Room</strong></td>
                            </tr>

                            <?php                    
                                while($rows=mysqli_fetch_array($result)) {
                            ?>

                            <tr>
                                <td align="center">
                                    <?php echo $rows['event_id'];?>
                                </td>
                                <td align="center">
                                    <?php echo $rows['title']; ?>
                                </td>
                                <td align="center">
                                    <?php echo $rows['topic_name']; ?>
                                </td>
                                <td align="center">
                                    <?php echo $rows['topic_description']; ?>
                                </td>
                                <td align="center">
                                    <?php echo $rows['event_date']; ?>
                                </td>
                                <td align="center">
                                    <?php echo $rows['speaker_name']; ?>
                                </td>
                                <td align="center">
                                    <?php echo $rows['building_name']; ?>
                                </td>
                                <td align="center">
                                    <?php echo $rows['room_name']; ?>
                                </td>
                            </tr>

                            <?php
                                }
                            ?>

                            <tr>
                                <td colspan="8" align="center"><input type="submit" name="Return" value="Return"></td>
                            </tr>
                        </table>
                    </td>
                </tr>
            </form>
        </table>
    </body>
</html>

When I run the index.php script, without putting an if(isset()) around the $id variable in results.php, it tells me that it is an Undefined Index. However, when I DO put the if(isset()) around it, it tells me that within my Update SQL statement, the id that's in the WHERE clause is an Undefined Variable.

Like I said earlier, I'm still very new to PHP and I could really use some assistance. I've looked on here (Stack) and found a "thread" about Undefined Index/Variable/Offset but it doesn't make sense to me.

Funk Forty Niner
Marc Karam
  • this is open to sql injection; use a prepared statement – Funk Forty Niner Apr 02 '18 at 01:39
  • HTML side note: `<form>` cannot be made child of `<table>`. – Funk Forty Niner Apr 02 '18 at 01:39
  • what is the exact error and on which line? you say undefined index then undefined variable. You also say that you saw the possible duplicate and state *"but it doesn't make sense to me."* but I fail to see what you did to fix this. This question stands to get closed with and possibly another/others, – Funk Forty Niner Apr 02 '18 at 01:47
  • `$id = $_POST['event_id']; <!-- variable -->` is that HTML comment method actually part of the code here? and use `mysqli_error($conn)` on the query then tell us what it shows. – Funk Forty Niner Apr 02 '18 at 01:47

1 Answer

Looks like event_id is not sent up when you submit the form. If you output a hidden field specifying the event_id in your form you can access it via $_POST when the form is submitted:

<input name="event_id[]" type="hidden" value="<?php echo $rows['event_id']; ?>">

Make sure this line exists somewhere inside the form and it will be accessible in results.php via $_POST['event_id'].

Nick
  • Agreed, *but* you realize that that leaves them open to an sql injection. What would "you" do for that, so that their database won't get hacked? – Funk Forty Niner Apr 02 '18 at 01:57
  • If I was performing a QA or security audit there are a litany of issues to be resolved: parameterized queries, validation, decoupling of server and view logic, etc. But the context of the issue is a purely development environment, we don't even know if "production" would even be publicly accessible and at any risk of an outside attack. – Nick Apr 02 '18 at 11:27
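
An added example (not code from the question or the answer) of the prepared-statement approach suggested in the comments, applied to the `UPDATE` loop in results.php. It assumes `dbconnect.php` defines `$conn` as in the question and that index.php emits one hidden `event_id[]` field per row; `update_events` is a hypothetical helper name.

```php
<?php
// Added example: results.php update handler using a mysqli prepared statement.
// Assumes dbconnect.php defines $conn and the form posts one event_id[] per row.
require_once('dbconnect.php');

function update_events(mysqli $conn, array $post): int   // hypothetical helper
{
    $text = ['title', 'date', 'speaker', 'building', 'room'];
    foreach (array_merge(['event_id'], $text) as $f) {
        if (!isset($post[$f]) || !is_array($post[$f])) {
            return 0;                       // field missing: nothing to update
        }
    }
    // Placeholders keep submitted values out of the SQL text entirely.
    $stmt = mysqli_prepare($conn,
        'UPDATE events SET title = ?, event_date = ?, speaker_name = ?,
                building_name = ?, room_name = ? WHERE event_id = ?');
    if ($stmt === false) {
        error_log(mysqli_error($conn));
        return 0;
    }
    $updated = 0;
    foreach ($post['event_id'] as $i => $rawId) {
        $id = filter_var($rawId, FILTER_VALIDATE_INT);
        if ($id === false) {
            continue;                       // reject non-numeric ids
        }
        $row = [];
        foreach ($text as $f) {
            $v = $post[$f][$i] ?? null;
            if (!is_string($v)) {
                continue 2;                 // skip rows with missing or nested values
            }
            $row[] = $v;
        }
        [$title, $date, $speaker, $building, $room] = $row;
        $date = ($date === '') ? null : $date;   // empty date input is stored as NULL
        mysqli_stmt_bind_param($stmt, 'sssssi',
            $title, $date, $speaker, $building, $room, $id);
        if (mysqli_stmt_execute($stmt)) {
            $updated += mysqli_stmt_affected_rows($stmt);
        }
    }
    mysqli_stmt_close($stmt);
    return $updated;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo 'Rows updated: ' . update_events($conn, $_POST);
}
```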