Issue with undefined offset with dynamically generated variables

Question

I am attempting to insert data into a database, but I keep getting a undefined offset error and I can not figure out why. The error log says the error is on line 41 which is

if(trim($_POST["item"][$i] !='')){

the program originally wrote to a text file and all the code worked the only new lines are these:

$data = explode(",", ${'item'.$i});
$query = "INSERT INTO batching (ing_date, ing_id, allergen, lot, batch_date, batch_id, batch_num)
VALUES($data[0],$data[1],$data[3],$data[4],$date,$rft_batch,1)";

if(isset($_POST['submit'])){
        $rft_batch = $_POST['rft_batch'];
        $date = $_POST['date'];
        $number = count($_POST);
        echo ("<h2>Batch Number: " . $rft_batch . " Batching Date: " . $date . "</h2><br />");
        if($number > 1) {
            for($i=0; $i<$number; $i++){
                if(trim($_POST["item"][$i] !='')){
                    ${'item'.$i} = $_POST["item"][$i];
                    $data = explode(",", ${'item'.$i});
                    $query = "INSERT INTO batching (ing_date, ing_id, allergen, lot, batch_date, batch_id, batch_num)
                    VALUES ($data[0],$data[1],$data[3],$data[4],$date,$rft_batch,1)";
                    echo (${'item'.$i}."<br />");
                }
            }
        }
        if (!mysqli_query($conn, $query)){
            die('An error occured. YOU SUCK AT CODING!');
        } else {
            echo ("GOOD JOB YOU FILTHY ANIMAL");
        }
    }

Use prepared statements (SQL injections); use `htmlspecialchars()` to output values (XSS). — cottton, Nov 19 '21 at 00:04
**Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) — Dharman, Nov 19 '21 at 10:42
We can't see your HTML but it looks like a typo. Which variable did you want to use in `$number = count($_POST);`? — Dharman, Nov 19 '21 at 10:43

score 0 · Accepted Answer · answered Nov 19 '21 at 02:38

0

You're looping over the count of $_POST and assuming that $_POST['item'] has the same amount of indexes as your $_POST.

Try changing $number = count($_POST); to $number = count($_POST['item']);

Or better $number = (isset($_POST['item']) ? count($_POST['item']) : 0);

Food for thought

I would also follow cotttons comment about using prepared statements. Better to get into a good habit from the start.

answered Nov 19 '21 at 02:38

InvictusMKS

401
3
8

That solved the undefined offset error but I am still having an issue... I am getting a Empty query error on line 50 which is the if statement that checks if the query was completed. – ITPilot Nov 19 '21 at 15:21

Issue with undefined offset with dynamically generated variables

1 Answers1