When I input data into my form, it posts just fine into the first PHP page I have set up. Once I input the information, it is supposed to be stored in the SQL database I have created in XAMPP. I am getting undefined index errors on my admin.php file.

https://i.stack.imgur.com/k0sfa.jpg

 <?php

    $servername = "localhost";
    $username = 'root';
    $password = '';
    $dbname = 'megatravel';
    //establishes connection to database/localhost
    $conn = new mysqli($servername, $username, $password, $dbname);

    //error message if connection is not established
    if ($conn->connect_error) {
        die("Failed to Connect: " . $conn->connect_error);
    }

    //insert statement into reservations table
    $sql = "INSERT INTO reservations (name, email, phone, adultsNo, children, city, activity, traveldate)
    VALUES ('{$_POST['name']}', '{$_POST['email']}','{$_POST['phone']}','{$_POST['adultsNo']}', '{$_POST['children']}',
     '{$_POST['city']}', '{$_POST['activity']}', '{$_POST['traveldate']}')";

    //outputs message if data is inputted successfully, error if not
    if ($conn->query($sql) === TRUE) {
        echo "<br><br>Your information has successfully been inserted into the database!<br>";
    } else {
        echo "<br>Error: " . $sql . "<br>" . $conn->error;
    }
    //select statement that pulls the information entered from the reservations and puts data into a simple table
    $sql = "SELECT * FROM reservations";
    $result = mysqli_query($conn, $sql);
    echo "<table border='3'>";
    echo "<tr>";
    echo "<td style='text-align: center; font-weight: bold'>Full Name</td>",
    "<td style='text-align: center; font-weight: bold'>Email Address</td>",
    "<td style='text-align: center; font-weight: bold'>Phone Number</td>",
    "<td style='text-align: center; font-weight: bold'>Adults</td>",
    "<td style='text-align: center; font-weight: bold'>Children</td>",
    "<td style='text-align: center; font-weight: bold'>City</td>",
    "<td style='text-align: center; font-weight: bold'>Activity</td>",
    "<td style='text-align: center; font-weight: bold'>Date</td>";
    echo "</tr>";

    while ($row = mysqli_fetch_assoc($result)) { 
        echo "<tr>";
        foreach ($row as $field => $value) { 
            echo "<td>" . $value . "</td>"; 
        }
        echo "</tr>";
    }

    echo "</table>";


    $conn->close();

    ?>
  • It looks like PHP is not recognising the variable names in your $_POST array. It would be helpful if you could include the HTML code for the form that submits to admin.php, to ensure that the input elements are named correctly. – MichaelvE Apr 29 '19 at 22:40

1 Answer

I don't see anything in the code you've posted that would cause this; it seems as though the data is not sent through POST, or sent at all. Please provide the actual form sending the data as well.

Something I'd like to mention is that you should look up prepared statements for SQL, as this code is exploitable through a method called SQL injection, since you are using data directly provided by the user without actually looking at it. This can result in an attacker carefully crafting some data to make their own SQL query.

Here is a video made by Computerphile explaining this attack method better.

Donran
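The prepared-statement approach the answer recommends, applied to the question's `admin.php`, as an added example that is not part of the original question or answer. It also checks that every field arrived in `$_POST` before use (the source of the undefined index notices) and escapes stored values on output. Binding every column as a string and replying with HTTP 400 are assumptions, since the question does not show the table schema or the form.

```php
<?php
// Added example: hardened variant of the insert and listing from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Column names as used in the question's INSERT statement.
$fields = ['name', 'email', 'phone', 'adultsNo', 'children', 'city', 'activity', 'traveldate'];

// Only accept a POST that carries every expected field as a non-empty string.
// Opening the page without form data no longer triggers "undefined index".
$missing = [];
foreach ($fields as $f) {
    if (!isset($_POST[$f]) || !is_string($_POST[$f]) || trim($_POST[$f]) === '') {
        $missing[] = $f;
    }
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || $missing) {
    http_response_code(400); // assumption: reject the request outright
    exit('Missing form fields: ' . htmlspecialchars(implode(', ', $missing), ENT_QUOTES, 'UTF-8'));
}

// Connection settings are the ones from the question (local XAMPP defaults).
$conn = new mysqli('localhost', 'root', '', 'megatravel');
$conn->set_charset('utf8mb4');

// Placeholders keep user input out of the SQL text entirely, so quotes or
// SQL keywords in a field are stored as data instead of being executed.
$stmt = $conn->prepare(
    'INSERT INTO reservations (name, email, phone, adultsNo, children, city, activity, traveldate)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
);
// Assumption: all columns bound as strings because the schema is not shown.
$values = array_map(fn($f) => $_POST[$f], $fields);
$stmt->bind_param('ssssssss', ...$values);
$stmt->execute();

// Escape every stored value on output so it cannot inject markup or script.
$result = $conn->query('SELECT ' . implode(', ', $fields) . ' FROM reservations');
echo '<table border="3">';
while ($row = $result->fetch_assoc()) {
    echo '<tr>';
    foreach ($row as $value) {
        echo '<td>' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td>';
    }
    echo '</tr>';
}
echo '</table>';
$conn->close();
```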