0

Warning: Undefined array key "id" in D:\XAMPP\htdocs\iceico\CURD\index.php on line 20

I am trying to make a curd operation in php but this error I am faced .

Here i am used bootstrap for front end . for backend i was used php. and mysql database.

php code

<?php
$server = "localhost";
$user = "root";
$password = "";
$db = "student-registration";

$conn = mysqli_connect($server, $user, $password, $db);

if (!$conn) {
  die("Server not connected" . mysqli_connect_error());

}


if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = $_POST['name'];
  $email = $_POST['email'];
  $number = $_POST['number'];
  $class = $_POST['class'];
  $id = $_FILES['id'];
  // print_r($_FILES['id']);
  // $id_loc = $_FILES['id']['temp_name'];
  // $id_name = $_FILES['id']['name'];
  // $id_des = 'uploadId/' . $id_name;
  // move_uploaded_file($id_loc, 'uploadId/' . $id_name);

  // $sql = "INSERT INTO 'student'('Name','Email','Contact','Class','id') VALUES('$name','$email','$number','$class','$id_des')";
  // $result = mysqli_query($conn, $sql);

}

?>

html code

<!DOCTYPE html>
<html>

<head>

  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet"
    integrity="sha384-9ndCyUaIbzAi2FUVXJi0CjmCapSmO7SnpJef0486qhLnuZ2cdeRhO02iuK6FUUVM" crossorigin="anonymous">
  <title>Document</title>
</head>

<body>
  <nav class="navbar bg-body-tertiary">
    <div class="container-fluid">
      <a class="navbar-brand" href="#">
        Student Registration
      </a>
    </div>
  </nav>

  <form action="/iceico/CURD/index.php" method="post" >
    <div class="container my-4 w-50">
      <div class="mb-3">
        <label for="name" class="form-label">Name</label>
        <input type="text" class="form-control" id="name" name="name"
          placeholder=" Prathamesh Manoj Rathod">
      </div>
      <div class="mb-3">
        <label for="email" class="form-label">Email</label>
        <input type="email" class="form-control" id="email" name="email"
          placeholder="mailtoprathamesh484@gmail.com">
      </div>
      <div class="mb-3">
        <label for="number" class="form-label">Contact</label>
        <input type="number" class="form-control" id="number" name="number" placeholder="9130*******">
      </div>
      <div class="mb-3">
        <label for="class" class="form-label">Class</label>
        <input type="text" class="form-control" id="class" name="class"
          placeholder="PHP Developer (ICEICO)">
      </div>

      <div class="mb-3">
        <label for="id" class="form-label">id</label>
        <input type="file" class="form-control" id="id" name="id">
       
      </div>
      
        <button type="submit" class="btn btn-primary">Submit</button>
    
    </div>
  </form>
</body>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"
  integrity="sha384-geWF76RCwLtnZ8qwWowPQNguL3RmwHVBC9FhGdlKrxdiJJigb/j/68SIy3Te4Bkz" crossorigin="anonymous"></script>

</html>

I was try to change the name but still face issue.

Prathamesh Rathod
  • 1
  • 3
  • **Note:** Be sure your file upload form has attribute `enctype="multipart/form-data"` otherwise the file upload will not work. -- from: [POST method uploads - PHP Manual](https://www.php.net/manual/en/features.file-upload.post-method.php) – hakre Jun 29 '23 at 10:13
  • A Curd operation? Whay do you want to do that :) – RiggsFolly Jun 29 '23 at 10:23
  • **Warning:** Your code (once you un-comment it) is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unparameterised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Jun 29 '23 at 10:35
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use that resource again. – ADyson Jun 29 '23 at 10:35
  • Also, please bring your error handling into the 21st century. Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` (or `new mysqli()`) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically. That way you don't need to clutter your script with repetitive code to keep checking errors after every mysqli command. And you should never be echoing error data deliberately - it can easily reveal sensitive info to attackers by accident. – ADyson Jun 29 '23 at 10:35
  • Never configure your web app to login to the database as `root`. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually _needs_ in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup. – ADyson Jun 29 '23 at 10:35

1 Answers1

1

Add an attribute enctype="multipart/form-data" to the form tag. This is required for any form that is uploading a file.

<form action="/iceico/CURD/index.php" method="post" enctype="multipart/form-data" >
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
M Rachmat Riadi
  • 26
  • 1