-2

Hello, for some reason when I run actionpage11.php I get a very strange output, as shown below, and I can't seem to work out why. I was wondering if anyone had an idea as to why this is?

output:

enter image description here

userprofile.php:

<?php

    session_start();
    require 'config.php';


    $id = $_POST['bidder_id'];
    $sql = "SELECT * FROM `customer` WHERE email_adress = '$id'";
    $sql2 = "SELECT * FROM `review` WHERE accepted_bidder = '$id'";
    $sql3 = "SELECT * FROM `comment` WHERE comment_to = '$id';";

    $result = $conn->query($sql);
    $result2 = $conn->query($sql2);
    $result3 = $conn->query($sql3);


    ?>
    <!DOCTYPE html>
    <html lang="en">


            <!-- PAGE CONTENT -->
            <div class="page-content page-search-result">
                <div class="container">
                <table>
                    <tr>
                        <th>Name</th>
                        <th>Description</th>
                        <th>Skill</th>

                    </tr>

          <!-- populate table from mysql database -->
                    <?php while($row = mysqli_fetch_array($result)):?>
                    <tr>

                        <td><?php echo $row['name']; ?></td>
                        <td><?php echo $row['description'];?></td>
                        <td><?php echo $row['skill'];?></td>

                    </tr>
                    <?php endwhile;?>
                </table>

                    <!-- End Search Form -->

                </div>
            </div>

            <div class="page-content page-search-result">
                <div class="container">
                <table>
                    <tr>
                        <th>review</th>
                        <th>score</th>


                    </tr>

          <!-- populate table from mysql database -->
                    <?php while($row = mysqli_fetch_array($result2)):?>
                    <tr>

                        <td><?php echo $row['review_description']; ?></td>
                        <td><?php echo $row['rating'];?>/10</td>

                    </tr>
                    <?php endwhile;?>
                </table>
                        <form action="actionpage11.php" method="POST" style="border:1px solid #ccc">
                        <div class="container">

                        <input type="hidden" value="<?php echo $id; ?>" name="comment_to" />        


                        <label><b>Comment</b></label>
                        <input type="text" placeholder="Enter Comment" name="comment" >

                        <div class="clearfix">
                        <button type="submit" class="signupbtn" name="submit" value="submit">Submit</button>
                </form>
            </div>
                    <?php while($row = mysqli_fetch_array($result3)):?>
                    <tr>

                        <td><?php echo $row['comment']; ?></td>
                        <td><?php echo $row['comment_by']; ?></td>
                        <td><?php echo $row['comment_time']; ?></td>


                    </tr>
                    <?php endwhile;?>

                    <!-- End Search Form -->

                </div>
            </div>
            <!-- END PAGE CONTENT -->

actionpage11.php:

<?php
session_start();

require 'config.php';


$comment    = $_POST['comment'];
$comment_to    = $_POST['comment_to'];
$comment_by = $_SESSION['login_user'];


$query   = "INSERT into `comment` (comment,comment_time,comment_by,comment_to) VALUES('" . $comment . "',now(),'" . $comment_by . "','" . $comment_to . "')";

$success = $conn->query($query);

if (!$success) {
    die("Couldn't enter data: ".$conn->error);

}

 header("location: userprofile.php");
$conn->close();

?>
Barmar
James Wood
  • Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](https://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) – Qirel Apr 24 '18 at 20:40
  • which part is "very strange"? – castis Apr 24 '18 at 20:55
  • 1
    You might also want to read about [SQL injection](http://php.net/manual/en/security.database.sql-injection.php). – sticky bit Apr 24 '18 at 22:07

2 Answers

1

At the end of actionpage11.php it does:

header("Location: userprofile.php");

When this redirects to userprofile.php there are no POST parameters (redirects always use GET, not POST), so $_POST['bidder_id'] won't be set.

If this is normally set in a login page that goes to userprofile.php, you could put it in a session variable. Then use that in all the rest of the pages, instead of using $_POST.

Or maybe you should redirect to the page that has the form that goes to userprofile.php, instead of redirecting to userprofile.php directly.

Barmar
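
The session approach from the answer above, combined with the parameterized queries that the SQL injection comment under the question points to, as an added example that is not part of the original post or answers. `current_bidder_id`, `fetch_comments`, `save_comment` and the `bidder_id` session key are names chosen here; `$conn`, `config.php` and the table and column names are taken from the question.

```php
<?php
// Added example, not the poster's code. $conn is assumed to be the mysqli
// connection created in config.php; tables and columns are the question's.
// mysqli is assumed to throw on errors (the default since PHP 8.1).

// userprofile.php: use the id from the form POST when there is one, otherwise
// the one remembered in the session, so the GET that follows a redirect works.
function current_bidder_id(array $post, array &$session): ?string
{
    $id = $post['bidder_id'] ?? null;
    if (is_string($id) && $id !== '') {
        $session['bidder_id'] = $id;
    }
    return $session['bidder_id'] ?? null;
}

// Bound parameters instead of values concatenated into the SQL string.
function fetch_comments(mysqli $conn, string $bidderId): array
{
    $stmt = $conn->prepare(
        'SELECT comment, comment_by, comment_time FROM `comment` WHERE comment_to = ?'
    );
    $stmt->bind_param('s', $bidderId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

function save_comment(mysqli $conn, string $comment, string $by, string $to): bool
{
    $stmt = $conn->prepare(
        'INSERT INTO `comment` (comment, comment_time, comment_by, comment_to)
         VALUES (?, NOW(), ?, ?)'
    );
    $stmt->bind_param('sss', $comment, $by, $to);
    return $stmt->execute();
}

// In the pages (after session_start() and require 'config.php'):
//   userprofile.php:  $id = current_bidder_id($_POST, $_SESSION);
//                     if ($id === null) { exit('No bidder selected.'); }
//   actionpage11.php: save_comment($conn, $_POST['comment'],
//                         $_SESSION['login_user'], $_SESSION['bidder_id']);

// Constructed walk-through of the two requests, for the PHP command line.
if (PHP_SAPI === 'cli') {
    $session = [];
    var_dump(current_bidder_id(['bidder_id' => 'bidder-1'], $session)); // form POST
    var_dump(current_bidder_id([], $session)); // GET after the Location redirect
}
```

Taking `comment_to` from the session rather than from the hidden form field also means the browser cannot change whose profile the comment is attached to.
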
0

$_POST['bidder_id'] isn't set. Maybe $_GET['bidder_id'] is but $_POST['bidder_id'] isn't.

neubert
  • It is set though, I'm posting it from the choosebid page. Also, that wouldn't explain the weird output. – James Wood Apr 24 '18 at 20:35
  • 1
    If it was set, then PHP wouldn't throw notices at you. Check that a form has been submitted, and that your `bidder_id` is data that is being sent. – Qirel Apr 24 '18 at 20:39