-1

My PHP is very "weak", so I am having trouble with this:

<?php

include_once "../scripts/connect_to_mysql.php";

$title = $_POST['title'];
$desc = $_POST['description'];

$query = mysql_query("UPDATE images SET title='$title', description='$desc'") or die (mysql_error());

echo 'Operation Completed Successfully! <br /><br /><a href="index.php">Click Here</a>';
exit();
?>

The undefined index error is "description" on line 9, which is $desc = $_POST['description']; and "description" is in the database, and the spelling is also right.

Lightness Races in Orbit
Aasim Azam
  • it has nothing to do with the database field name.. do you have a form that sends data to this script, using post as a request method and "description" as one of the fields? – mishu Oct 10 '11 at 08:43
  • 1
    Database?! `$_POST` is about POST values, not the database. And you have an SQL injection vulnerability, which comments/answers on **every single one** of the other posts that you allegedly checked out would have told you. – Lightness Races in Orbit Oct 10 '11 at 08:50
  • This isn't online, nor will it ever go online, so I do not have to worry about injections. I'm still learning but this has helped me understand what I am doing. I have found that some people on this site are very condescending! – Aasim Azam Oct 10 '11 at 08:57
  • 1
    @Aasim: Direct, perhaps, and occasionally impatient to certain things. Just because we don't plaster our responses with smilies doesn't mean we're not nice people! After all, we _are_ spending our time on you for free. – Lightness Races in Orbit Oct 10 '11 at 09:05
  • 1
    -1 For "this isn't online ,nor will it ever go online", 50% of fraud happens by insiders in an organization. SQL-injection is just as much a problem for intranets as it is for the internet. And besides, if you know about the issue, how much work is it just to type `$title = mysql_real_escape_string($_POST['title']);` Nothing to do with looking down on people. – Johan Oct 10 '11 at 09:05
  • I understand your concerns about injections, but only I am using this. It's a personal project that I am working on, just trying to learn about PHP. It's not an issue to just type what you said, just that I don't know much about injections. – Aasim Azam Oct 10 '11 at 09:23
  • Also about people sounding condescending, I say this as some people will gladly help taking into consideration the level of the person asking the question - they won't question the person - if you cannot do that then don't read the question, don't answer the question. The answers here helped me understand my mistake and I thank them all. In this case it was my fault as the mistake was in a typing error, so if I have offended anyone I am sorry. – Aasim Azam Oct 10 '11 at 09:26
  • Wish I could downvote every comment from a SO newcomer that requests certain people not to answer or comment on certain questions. – Lightness Races in Orbit Oct 10 '11 at 09:44

4 Answers

1

Your form needs to send this information to the PHP file. It seems as if you only have title in your form and not description. You should post your form for better help.

<form ...>
  <input type="text" name="description" value="">
  <input type="text" name="title" value="">
</form>

You should always escape your data which you are using in SQL queries.

Tobias
  • I think you might have it, just testing it now, the part that was supposed to be description was title, copy and paste .... I think I need more coffee! – Aasim Azam Oct 10 '11 at 08:48
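The two points raised in this answer, checking that the form field actually arrived and keeping user input out of the SQL string, as an added example that is not part of the original post. It uses PDO prepared statements instead of the `mysql_*` functions from the question (that extension was removed in PHP 7.0); the `update_image()` name and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the asker's code. The in-memory SQLite database and the
// function name update_image() are assumptions so the script runs offline;
// with MySQL only the DSN passed to PDO changes.

function update_image(PDO $db, array $post): array
{
    // Report absent form fields instead of reading an undefined index.
    $missing = [];
    foreach (['title', 'description'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $missing[] = $field;
        }
    }
    if ($missing !== []) {
        return ['ok' => false, 'missing' => $missing];
    }

    // Placeholders keep the values out of the SQL text, so a quote in the
    // input cannot change the statement. As on the page, there is no WHERE
    // clause, so every row is updated.
    $stmt = $db->prepare(
        'UPDATE images SET title = :title, description = :description'
    );
    $stmt->execute([
        ':title'       => $post['title'],
        ':description' => $post['description'],
    ]);
    return ['ok' => true, 'rows' => $stmt->rowCount()];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE images (title TEXT, description TEXT)');
$db->exec("INSERT INTO images VALUES ('old title', 'old description')");

// Constructed inputs: the copy-paste mistake from the question (two "title"
// fields collapse to one key, "description" never arrives) and values with
// an apostrophe, which would break the string-built query.
var_dump(update_image($db, ['title' => 'Sunset']));
var_dump(update_image($db, ['title' => "Bob's photo", 'description' => "O'Neill beach"]));
var_dump($db->query('SELECT title, description FROM images')->fetchAll(PDO::FETCH_ASSOC));
```

In the real script the second argument would be `$_POST`, and the `missing` list tells you which form field names to check.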
1

Apparently, a description field is not present in the $_POST array, thus index description does not point to anything.

What does var_dump($_POST); print?

Also, is this an internal system? If not, you should read up on SQL injections.

jensgram
  • thanks for the reply - but I think I have just made a stupid error - the description isn't coming through as the form was not set as description, rather as title - just a copy and paste error! – Aasim Azam Oct 10 '11 at 08:54
0

There is no element with index description in the $_POST array.

Try var_dump($_POST); before that line to examine the array. (Alternatively, if some information is cut, use print_r($_POST);)

janoliver
-2

Try doing:

if(isset($_POST['description'])){echo "yes";}else{echo "no";}

This won't fix it, but it will help determine whether $_POST['description'] exists. Also, what is the source of $_POST['description']? Is it set in ../scripts/connect_to_mysql.php? How?

Unless performing more complex tasks (i.e. AJAX), POST variables are typically set by submitting a form- does your code come after the page is loaded following a form submission? If not, you may be incorrectly using _POST variables...

If $_POST['description'] is set somewhere in the code of ../scripts/connect_to_mysql.php, and by including the file you wish to then retrieve its value- you may be going about things wrongly- can you provide information about the origin of $_POST['description']?

SW4