-3

I've tried to solve the problem by reading other posts, but it's been a few days and I'm still stuck here. I'm trying to post two inputs and then store them in my DB. I'm using 000webhost, which uses phpMyAdmin. These are the errors:

Notice: Undefined index: nombre in /storage/ssd5/749/14997749/public_html/includes/enviar.inc.php on line 11

Notice: Undefined index: opinion in /storage/ssd5/749/14997749/public_html/includes/enviar.inc.php on line 12

This is my code:

index.php:

```html
<!DOCTYPE HTML>
<html>
    <head>
        <title>Title goes here</title>
    </head>
    <body>
        <br><br>
        <h1>Welcome</h1>
        <div>
            <h3>text goes here </h3>
        </div>
        <br><br>
        <form action="includes/enviar.inc.php" method="POST">
            <div>
                <label for="nombre">Nombre:</label>
                <input type="text" name="nombre" required>
            </div>
            
            <div>
                <label for="opinion">Opinión:</label>
                <input type="text" name="opinion"></textarea>
            </div>
            
            <button type="submit" name="submit" value="signin">Enviar</button>
        </form>
    </body>
</html>
```

enviar.inc.php file:

```php
<?php

//error_reporting(E_ALL ^ E_NOTICE);

session_start();
require_once '../classes/DataBaseHandler.php';

$dbh = new DataBaseHandler();
$dbh->ConnectToDataBase();

$nombre = $dbh->EscapeString($_POST['nombre']);
$opinion = $dbh->EscapeString( $_POST['opinion']);

$sql = "INSERT INTO opiniones (id, nombre, opinion) VALUES (NULL, '$nombre', '$opinion');";
$dbh->Query($sql);

exit;
```

DataBaseHandler.php:

```php
<?php

class DataBaseHandler {
    
    private $conn = null;
    private $host="localhost";
    private $username="myusername";
    private $password="mypassword";
    private $dbname="mydbname";
    
    public function ConnectToDataBase() {
        if($this->conn == null){
            $this->conn = mysqli_connect($this->host, $this->username, $this->password, $this->dbname);
        }
        else {
            return $this->conn;
        }
    }
    
    public function Query($query) {
        return mysqli_query($this->conn, $query);
    }
    
    public function EscapeString($string) {
        return mysqli_real_escape_string($this->conn, $string);
    }
}
```

I haven't been able to upload anything to the database, but if I replace '$nombre' and '$opinion' in enviar.inc.php with, say, 'test1' and 'test2' (and remove lines 11 and 12), it works perfectly.

What is the problem?

  • 1
    **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 30 '20 at 20:18

1 Answer

0

In your HTML, your 'opinion' field is incorrect. You open an `<input>` but close with `</textarea>`.

Roger Creasy
  • Thanks for your answer, I've already fixed the . But I'm getting the exact same error – Sebastian Barco Sep 30 '20 at 20:30
  • The issue is that the 'opinion' field is not in the $_POST array. Double-check your name attribute on the form element. You could var_dump($_POST) in your handler to see what is being sent by the form. Good luck. – Roger Creasy Oct 01 '20 at 12:15
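
An added example, not part of the original thread or the asker's code: a handler that checks for both form fields before reading them (which avoids the "Undefined index" notices) and inserts with a prepared statement, as the comment on the question recommends. It assumes PDO with an in-memory SQLite database so it runs without a server; the function names `readFields` and `saveOpinion`, the rule that `nombre` must be non-empty, and the sample requests are constructed for illustration.

```php
<?php
// Added example, not the asker's code. Table and field names come from the
// question; the SQLite database and the sample requests are constructed.

function readFields(array $post): ?array {
    foreach (['nombre', 'opinion'] as $key) {
        // isset() avoids the "Undefined index" notice when the form did not
        // send the field (wrong name attribute, GET request, direct visit).
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null;
        }
    }
    $nombre = trim($post['nombre']);
    if ($nombre === '') {
        return null;    // mirrors the "required" attribute on the form input
    }
    return ['nombre' => $nombre, 'opinion' => trim($post['opinion'])];
}

function saveOpinion(PDO $pdo, array $post): bool {
    $fields = readFields($post);
    if ($fields === null) {
        return false;   // reject the request instead of querying with missing data
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO opiniones (nombre, opinion) VALUES (:nombre, :opinion)'
    );
    return $stmt->execute([
        ':nombre'  => $fields['nombre'],
        ':opinion' => $fields['opinion'],
    ]);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE opiniones (id INTEGER PRIMARY KEY, nombre TEXT, opinion TEXT)');

// Constructed requests: complete, missing "opinion", and input containing quotes.
var_dump(saveOpinion($pdo, ['nombre' => 'Ana', 'opinion' => 'Muy bien']));
var_dump(saveOpinion($pdo, ['nombre' => 'Ana']));
var_dump(saveOpinion($pdo, ['nombre' => "O'Connor'); --", 'opinion' => "it's fine"]));

// The accepted rows are stored verbatim, quotes included.
foreach ($pdo->query('SELECT id, nombre, opinion FROM opiniones') as $row) {
    echo "{$row['id']}: {$row['nombre']} | {$row['opinion']}\n";
}
```

In a real handler `saveOpinion` would receive `$_POST`, and the connection would be opened with a PDO MySQL DSN and the account credentials instead of `sqlite::memory:`.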