0

I have a textarea whose contents I want to post to a database. 

  <body>
 <div class="container">
   <div class="row">
     <form action="post-code.php" method='POST'>
     <textarea name="textEditor" id="textEditor"></textarea>
     <input type="submit">
   </form>
 </div>

post-code.php:

<?php
include "conn.php";

$code1 = $conn->real_escape_string($_POST['textEditor']);

$insert = "INSERT INTO Code_Stream (Code) VALUES ($code1)";

$resultinsert = $conn->query($insert);


if(!$resultinsert){

  echo $conn->error;
}else{
  echo "<p> Code is streaming... </p>";
}

?>

It keeps on telling me that the index 'textEditor' is undefined.

Wiimm
  • 2,971
  • 1
  • 15
  • 25
codeman
  • 1
  • 2
  • 2
    **Warning:** You might be open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](http://php.net/manual/en/pdo.prepared-statements.php) or by [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Never trust any kind of input, especially that which comes from the client side. Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). – Dharman May 12 '19 at 11:11
  • When exactly does it tell you that it is undefined? When you Submit the form? What are the contents of `$_POST` after you submit? – Dharman May 12 '19 at 11:12
  • You tagged the question with JavaScript, does that mean you use Ajax to post your form? Where is your JS code? – Dharman May 12 '19 at 11:15
  • It just tells me on the page loading, before I submit the form – codeman May 12 '19 at 11:19
  • HI Dharman. Yes I will be using AJAX to send data off every few seconds. I was just encountering problems first of all with the undefined index so wanted to address a single problem – codeman May 12 '19 at 11:21
  • I think you threw us off the course with those tags then. If possible always keep the tags that are relevant to the question only. – Dharman May 12 '19 at 11:21
  • Hi Dharman sorry about that. I posted a question previously with those tags so they saved and did not refine them before posting with this one – codeman May 12 '19 at 11:24
  • You still didn't tell us when/how you get the undefined errors. Are you sure you are not accessing the `post-code.php` without submitting the form? Why have you not checked for this case anyway? – Dharman May 12 '19 at 11:26
  • I think I may have been accessing code.php without submitting. I have now fixed this. Thank you very much. – codeman May 12 '19 at 11:31
  • Possible duplicate of ["Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP](https://stackoverflow.com/questions/4261133/notice-undefined-variable-notice-undefined-index-and-notice-undefined) – Dharman May 12 '19 at 11:33

2 Answers2

-1

Try to store the value of the textarea in a var and use the variable to send data to the database :

var text = document.getElementById("textEditor").value;
mattdaspy
  • 842
  • 1
  • 5
  • 11
-1

Quote $code1 

$insert = "INSERT INTO Code_Stream (Code) VALUES (\"$code1\")";
                                                  ^^      ^^
Wiimm
  • 2,971
  • 1
  • 15
  • 25
  • I already pointed out that OP has a problem with SQL injection. However the question was about not receiving the POST data. – Dharman May 12 '19 at 11:22
  • I don't see a SQL injection here in m answer. But you are right, the original code is wide open for it. And here I will only point the main issue. – Wiimm May 12 '19 at 11:25
  • You are inserting arbitrary content into SQL, this is SQL injection. – Dharman May 12 '19 at 11:27
  • It is not escaped and it is not a constant string to be quoted. It is PHP variable which should not find its way into SQL statement in any way. Data should always be passed as parameter. – Dharman May 12 '19 at 11:29
  • It is escaped 1 line before. And to follow your kind of arguments: My line is a simply text assignment without any SQL related code. ⇒ Either you see it as standalone line, or you see it in context. But you see the context only for the part of your arguments, but deny the context for *escaping*. Anyway, you warned about SQL injection at the question part (very good) and I expose the (or a) semantic error. – Wiimm May 12 '19 at 12:17