I'm working with PHP to make a Blogging CMS. So here is my code:

```php
if(isset($_POST['insert_blog'])){
    $blog_id = uniqid('blog_post');
    // "Undefined index" is raised here when the key is absent from $_POST
    $blog_author = $_POST['blog_author'];
    $blog_title = $_POST['blog_title'];
    $blog_body = $_POST['blog_body'];
    $blog_tags = $_POST['blog_tags'];
    $blog_category = $_POST['blog_category'];

    if($blog_title == '' OR $blog_body == ''  OR $blog_tags == ''){
        echo "
            <script>alert('Please fill all the fields!')</script>
        ";
        // exit() has to run as PHP; inside the echoed string it was only printed
        exit();
    }else{
        // Posted values are interpolated directly into the SQL text
        $insert_blog = "
            INSERT INTO `blogs` (`blog_id`,`blog_author`,`blog_title`,`blog_body`,`blog_category`,`blog_tags`,`date_posting`) 
            VALUES ('$blog_id','$blog_author','$blog_title','$blog_body','$blog_category','$blog_tags',NOW())
        ";
        $run_blog = mysqli_query($con2,$insert_blog);
        if($run_blog){
            echo "<META HTTP-EQUIV='Refresh' Content='0; URL=blognew-homepage.php?blog_id=$blog_id'>";
        }else{
            error_reporting(E_ALL);
            die(mysqli_error($con2));
        }
    }
}
```

And I get this error:

Undefined index: blog_author on line 5 

Which basically gets the value of this input from the form:

```html
<input class="form-control input-sm" type="text" disabled="disabled" name="blog_author" value="author: <?php echo $dataSet->GetUsername(); ?>">
```

So as you can see, I have set the $dataSet variable to a method of a class which simply gets the username of the Admin.

And the other variables are passed in manually by the user in the form.

(Because they're working fine, there's no need to mention them here.)

So why am I getting this error message? Is it wrong to include a method in this form? How to fix this issue?

Zoe
  • I think you are sending data through an HTML form. You can easily check which input data is sent to the server using this command . If your blog_author data is received, it is OK. – Shiva Manhar Jun 10 '18 at 07:09
  • `disabled="disabled"` ???? If you disable an element it will NOT be available in the POSTed data – Professor Abronsius Jun 10 '18 at 07:13
  • Possible duplicate of [values of disabled inputs will not be submitted?](https://stackoverflow.com/questions/1355728/values-of-disabled-inputs-will-not-be-submitted) – Nigel Ren Jun 10 '18 at 07:22
  • You should be using prepared statements, with that code you're vulnerable to SQL Injection attacks – SpacePhoenix Jun 10 '18 at 08:01

1 Answer

Your input is disabled, which means that the value from that input will not appear in $_POST. If you want to use the disabled attribute, you can rename the disabled input and add a hidden input with the correct name/value like this:

```html
<input class="form-control input-sm" type="text" disabled="disabled" name="blog_author_disabled" value="author: <?php echo $dataSet->GetUsername(); ?>">
<input type="hidden" name="blog_author" value="author: <?php echo $dataSet->GetUsername(); ?>">
```

Or you can replace the disabled attribute with readonly:

```html
<input class="form-control input-sm" type="text" readonly name="blog_author" value="author: <?php echo $dataSet->GetUsername(); ?>">
```

This way the value will not be editable, but it will appear in $_POST.

Zoe
spielerds
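An added example, not part of the question or the answer above: the same insert handler written with a mysqli prepared statement, as the comment about SQL injection suggests, and with the author taken from the server-side `$dataSet` object rather than from a hidden or readonly field, since both of those are still client-controlled. It assumes PHP 7.1+ and the question's `$con2`, `$dataSet` and `blogs` table; `insert_blog_post()` is a hypothetical helper name.

```php
<?php
// Added example. Assumes the question's $con2 (mysqli), $dataSet and `blogs` table.
// insert_blog_post() is a hypothetical helper name.
function insert_blog_post(mysqli $con, string $author, array $post): ?string
{
    // Default every field so a key the browser did not submit (such as a
    // disabled input) cannot raise "Undefined index".
    $f = [];
    foreach (['blog_title', 'blog_body', 'blog_tags', 'blog_category'] as $key) {
        $value = $post[$key] ?? '';
        $f[$key] = is_string($value) ? trim($value) : '';
    }
    if ($f['blog_title'] === '' || $f['blog_body'] === '' || $f['blog_tags'] === '') {
        return null; // required field missing
    }
    $blog_id = uniqid('blog_post');

    // Placeholders keep the posted values out of the SQL text.
    $stmt = mysqli_prepare($con,
        'INSERT INTO `blogs` (`blog_id`,`blog_author`,`blog_title`,`blog_body`,
            `blog_category`,`blog_tags`,`date_posting`)
         VALUES (?, ?, ?, ?, ?, ?, NOW())');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 'ssssss', $blog_id, $author, $f['blog_title'],
        $f['blog_body'], $f['blog_category'], $f['blog_tags']);
    if (!mysqli_stmt_execute($stmt)) {
        throw new RuntimeException('insert failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $blog_id;
}

if (isset($_POST['insert_blog'])) {
    // The author comes from the server-side object that rendered the form,
    // not from $_POST: hidden and readonly inputs are still client-controlled.
    $author = 'author: ' . $dataSet->GetUsername();
    $blog_id = insert_blog_post($con2, $author, $_POST);
    if ($blog_id === null) {
        echo "<script>alert('Please fill all the fields!')</script>";
        exit();
    }
    header('Location: blognew-homepage.php?blog_id=' . urlencode($blog_id));
    exit();
}
```

With the author set on the server, the visible field can stay `disabled` purely for display, because nothing reads `$_POST['blog_author']` any more.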