input data from js into text box goving index not deined error while sql run

Question

case validation file

$pir_num = $related = $case_no = $case_year = $decision_status = $decision_date = $decision_action = $demand_amt = $deposit_amt = $amnesty_amt = $outstanding_amt = $deposit_date = $case_status = $case_remark = " ";

if ($_SERVER["REQUEST_METHOD"] == "POST") 
    {
        $pir_num = test_input($_POST["pir_num"]); 
        $related = test_input($_POST["related"]);
        $case_no = test_input($_POST["case_no"]);
        $case_year = test_input($_POST["case_year"]);
        $decision_status = test_input($_POST["decision_status"]);
        $decision_date = test_input($_POST["decision_date"]);
        $decision_action = test_input($_POST["decision_action"]);
        $demand_amt = test_input($_POST["demand_amt"]);
        $deposit_amt = test_input($_POST["deposit_amt"]);
        $amnesty_amt = test_input($_POST["amnesty_amt"]);
        $outstanding_amt = test_input($_POST["outstanding_amt"]);
        $deposit_date =test_input($_POST["deposit_date"]);
        $case_status = test_input($_POST["case_status"]);
        $case_remark = test_input($_POST["case_remark"]);
   }

function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}  add case detail form    <?php
require './db_connect.php';
//require './pir_reg_form.php';
require './case_validation.php';


$sql = "INSERT INTO case_info(sr_no, pir_no, related, case_no, case_year, decision_status, decision_date, decision_action, demand_amt, deposit_amt, amnesty_amt, outstanding_amt, deposit_date, case_status, case_remark)  VALUES(' ', '$pir_num', '$related', '$case_no','$case_year','$decision_status', '$decision_date', '$decision_action','$demand_amt', '$deposit_amt', '$amnesty_amt', '$outstanding_amt', '$deposit_date','$case_status', '$case_remark')";

if ($conn->query($sql) === TRUE) {

    alert("Case No:".$case_no."/".$case_year."is Added successfully.");

        //header('Location:pir_reg_form.php?pir_no='.$pir_num.'case_no='.$case_no.'case_year'.$case_year);


} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

errror only at pir_num and outstanding_amt whle sql submission

Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](https://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) — james_tookey, Apr 26 '18 at 08:08
Remove your `test_input()` completely and start using Prepared Statements with placeholders instead. Your `test_input()` does _not_ properly prevent you from SQL injections. The notice most likely comes from you trying to access a key in the `$_POST` array that simply doesn't exist (I'm guessing that's where you're getting that notice) — M. Eriksson, Apr 26 '18 at 08:15
your `test_input()` just tackles XSS up to a point, not SQL injection — Rotimi, Apr 26 '18 at 08:27
if so.. then why my other form is is working fine with same kind of code. — Narendra Sharma, Apr 26 '18 at 08:53

input data from js into text box goving index not deined error while sql run

0 Answers0