-3

I have a form like this: if I choose the Admin level, the department combo box is disabled; when I choose the Staff level, the department combo box becomes active and displays the department's options. This method works, but it encountered an error during the save process when selecting the Admin level, where the department field is not active.

This is my code

    <div class="form-group">
            <label class="control-label col-sm-4" for="level">Level</label>
            <div class="col-sm-4"> 
              <select name="level" id="level" class="form-control">
              <option value="null">-- Level --</option>
              <option value="admin">Admin</option>
              <option value="staff">Staff</option>
              <option value="client">Client</option>
              </select>
            </div>
          </div>
          <div class="form-group">
            <label class="control-label col-sm-4" for="department">Department</label>
            <div class="col-sm-4"> 
              <select name="department" id="department" class="form-control">

              </select>
            </div>
          </div>
    $("#level").change(function(){

        // variable from the value of the province combo box
        var id = $("#level").val();


        // send and retrieve data
        $.ajax({
            type: "POST",
            dataType: "html",
            url: "search_level.php",
            data: "level="+id,
            success: function(msg){

                // if there is no data
                if(msg == ''){
                  var x=document.getElementById("department")
                  x.value=""
                  x.disabled=true
                }               
                // if data is retrieved, display it in the city combo box
                else{
                  var x=document.getElementById("department")
                  x.disabled=false
                    $("#department").html(msg);                                                     
                }
            }
        });    
    });

Save process code

    <?php

    include "../config/koneksi.php";

    $name = $_POST['name'];
    $user = $_POST['username'];
    $password = md5($_POST['password']);
    $level = $_POST['level'];
    $deparment = $_POST['department'];

    $status = '1';
    // 24-hour timestamp ("H"); "h" would store an ambiguous 12-hour value
    $tgl_dibuat = date("Y-m-d H:i:s");

    $query = mysqli_query($con, "INSERT INTO user (nama,user,password,level,department,tgl_dibuat,status) VALUES ('$name','$user',
    '$password','$level','$deparment','$tgl_dibuat','$status')");

    if ($query) {
        ?>
        <script language="JavaScript">
        alert('User Saved');

        </script>
        <?php
    } else {
        ?>
        <script language="JavaScript">
        alert('Failed');
        document.location='user';
        </script>
        <?php
    } 
    ?>

Search code

    <?php
        include "../config/koneksi.php";

        $id = $_POST['level'];

        $query = mysqli_query($con, "SELECT * FROM department WHERE level='$id'");
        while($data_prov=mysqli_fetch_array($query)){   
        ?>
            <option value="<?php echo $data_prov["department"] ?>"><?php echo $data_prov["department"] ?></option><br>

        <?php
        }
        ?>
  • what are columns in your database table "department"? –  Mar 08 '19 at 07:50
  • Please do not use `md5()` for password encryption, there are better calls. You should also be using prepared statements for security reasons. – mickmackusa Mar 08 '19 at 07:57
  • Possible duplicate of https://stackoverflow.com/questions/4261133/notice-undefined-variable-notice-undefined-index-and-notice-undefined – 04FS Mar 08 '19 at 07:57
  • There are several issues with the above code: as pointed out, do not use `md5` to hash passwords as it is broken, use `password_hash`/`password_verify` instead. The code is vulnerable to sql injection - use `prepared statements` instead and you have no checks anywhere that the variables are set before assigning them - use `isset()` – Professor Abronsius Mar 08 '19 at 07:59
  • Your code is wide open to **SQL injection attacks!** Use **prepared statements** to completely secure your data from these attacks *and* solve a bunch of other potential problems before you even encounter them. – Franz Gleichmann Mar 08 '19 at 08:02

2 Answers

1

If the field is disabled you won't send $_POST['department']; so:

    $deparment = $_POST['department'];

fails to load 'department' index of your post request. You could do:

    // same variable name ($deparment) as the one used in the question's INSERT query
    $deparment = isset($_POST['department']) ? $_POST['department'] : "Default value";

Please notice that your code is quite unsafe since you don't do any check on values and you don't escape strings, someone could easily inject some SQL inside the form. See mysqli_real_escape_string().

I would at least escape your strings:

    // the procedural mysqli_real_escape_string() takes the connection as its first argument
    $name = mysqli_real_escape_string($con, $_POST['name']);
    $user = mysqli_real_escape_string($con, $_POST['username']);
    $password = md5($_POST['password']);
    $level = mysqli_real_escape_string($con, $_POST['level']);
    $deparment = isset($_POST['department']) ? mysqli_real_escape_string($con, $_POST['department']) : "Default value";

Also, as @alexis observes, it would be even better to use prepared statements.

ALFA
  • 2
    Good that you point out the security problem; but instead of manually quoting with `mysqli_real_escape_string`, use prepared queries -- it's more robust and far simpler to use too: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php – alexis Mar 08 '19 at 07:58
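
The advice in the answer and comments above (a disabled `<select>` is not submitted, so `department` must be treated as optional; use prepared statements; hash with `password_hash`) combined into one save handler. This is an added example, not code from the original posts: it reuses the question's `$con` connection and `user` table columns, and assumes that `NULL` may be stored when no department applies and that the `password` column is wide enough for the hash.

```php
<?php
// Added example: hardened version of the question's save script.
// Assumes koneksi.php defines $con (a mysqli connection), as in the question.
include "../config/koneksi.php";

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Levels offered by the form; anything else is rejected server-side.
$allowedLevels = ['admin', 'staff', 'client'];

$name     = trim($_POST['name'] ?? '');
$user     = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
$level    = $_POST['level'] ?? '';

// A disabled <select> is not submitted, so 'department' may be absent.
// Assumption: NULL is stored when no department applies (e.g. Admin).
$department = $_POST['department'] ?? null;
if ($department === '') {
    $department = null;
}

if ($name === '' || $user === '' || $password === ''
    || !in_array($level, $allowedLevels, true)) {
    http_response_code(400);
    exit('Invalid input');
}

// password_hash() uses a salted, slow algorithm; check with password_verify().
$hash    = password_hash($password, PASSWORD_DEFAULT);
$status  = '1';
$created = date('Y-m-d H:i:s');

try {
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = mysqli_prepare($con,
        "INSERT INTO user (nama, user, password, level, department, tgl_dibuat, status)
         VALUES (?, ?, ?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, 'sssssss',
        $name, $user, $hash, $level, $department, $created, $status);
    mysqli_stmt_execute($stmt);
    echo 'User Saved';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // log details, return a generic message
    http_response_code(500);
    echo 'Failed';
}
```

The `level` lookup in `search_level.php` takes the same treatment: bind `$_POST['level']` to a `?` placeholder instead of interpolating it into the `SELECT`.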
0

Basically, this error tells you that in the file "add_user.php" on line 9 you are trying to print an index which actually doesn't exist. That line of code is given below...

    <option value="<?php echo $data_prov["department"] ?>"><?php echo $data_prov["department"] ?></option><br>

So, in order to solve this problem, you have to find out what the column names are in your database table department. Just type or copy-paste exactly these column names instead of department into the code line given below...

    <option value="<?php echo $data_prov["column_name"] ?>"><?php echo $data_prov["column_name"] ?></option><br>

Then this error will be resolved.