Ritesh Fondke Ritesh Fondke - 6 months ago 9
SQL Question

php indefined index error trouble


  1. i have wrote a php file for data entry i am getting error on php
    like undefined index my php code is
    i want to insert values which are posted by different input types on form

    <?php
    include("$_SERVER[DOCUMENT_ROOT]/riteshproject/config.php"); ?>
    <?php include("auth.php"); //include auth.php file on all secure
    pages ?> <?php

    $aria=$_POST['area'];
    $custname=$_POST['custname'];
    $mob1=$_POST['mob1'];
    $mob2=$_POST['mob2'];
    $flatbunglo=$_POST['flatbungalo'];
    $address=$_POST['address'];
    $bhk=$_POST['bhk'];
    $rent=$_POST['rent'];
    $diposit=$_POST['diposit'];
    $sqft=$_POST['sqft'];
    $floor=$_POST['floor'];
    $lift=$_POST['lift'];
    echo $addquery="insert into propertymaster (area,custname,mob1,mob2,proptype,address,bhk,rent,diposit,sqft,floor,lift)
    values ('$aria','$custname','$mob1','$mob2','$flatbunglo','$address','$bhk','$rent','$diposit','$sqft','$floor','$lift')";
    mysql_query($addquery);
    ?> <!DOCTYPE html> <html lang="en"> <head> <title>Shree Shree Property,kolhapur</title> <meta charset="utf-8"> <meta
    name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet"
    href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
    <script
    src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
    <script
    src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
    <style>
    /* Remove the navbar's default margin-bottom and rounded borders */
    .navbar {
    margin-bottom: 0;
    border-radius: 0;
    }

    /* Set height of the grid so .sidenav can be 100% (adjust as needed) */
    .row.content {height: 450px}

    /* Set gray background color and 100% height */
    .sidenav {
    padding-top: 20px;
    background-color: #f1f1f1;
    height: 100%;
    }

    /* Set black background color, white text and some padding */
    footer {
    background-color: #555;
    color: white;
    padding: 15px;
    }

    /* On small screens, set height to 'auto' for sidenav and grid */
    @media screen and (max-width: 767px) {
    .sidenav {
    height: auto;
    padding: 15px;
    }
    .row.content {height:auto;} .active { background-color: #00bfff; }
    }

    </style> </head> <body>

    <nav class="navbar navbar-inverse"> <div class="container-fluid">
    <div class="navbar-header">
    <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#myNavbar">
    <span class="icon-bar"></span>
    <span class="icon-bar"></span>
    <span class="icon-bar"></span>
    </button>
    <a class="navbar-brand" href="#">Logo</a>
    </div>
    <div class="collapse navbar-collapse" id="myNavbar">
    <ul class="nav navbar-nav">

    <li><a href="../home.php" class="active">Home</a></li> <li class="current" id="dddd"><a href="../aboutus.php" >About
    US</a></li> <li><a href="#">Contact US</a></li>
    <li><a href="#">Add Property</a></li> <li><a href="#">Luxarious Property</a></li> <li><a href="#">Property For
    Sale</a></li> <li><a href="#">Other Services</a></li>
    </ul>
    <ul class="nav navbar-nav navbar-right"> <li><a href="logout.php"><span class="glyphicon
    glyphicon-log-in"></span>Logout</a></li>
    </ul>
    </div> </div> </nav> <div class="container-fluid text-center"> <div class="row content">
    <div class="col-sm-2 sidenav">
    <p><a href="#">Link</a></p>
    <p><a href="#">Link</a></p>
    <p><a href="#">Link</a></p>
    </div>
    <div class="col-sm-8 text-left"> <html> <body> <div id="wrap2"> <form> <h4>Welcome Mr.<?php echo


    $_SESSION['username']; ?>!







    <td align="right">
    Area:
    </td>
    <td style="text-align:left" width="100px">

    <select name="area" id="area" value="select">
    <option value="SELECT" style="display:none">SELECT</option>
    <?php

    $query="select code,areaname from areamaster";
    $query_run=mysql_query($query);
    mysql_num_rows($query_run);

    while($row=mysql_fetch_assoc($query_run))

    {
    ?>

    <option value="<?php echo $row['areaname']?>"><?php echo $row['areaname']?></option>
    <?php
    }
    ?>
    </select>
    </td>
    </tr>
    <tr class="space1">
    <td width='100px' >
    </td>

    <td align="right">
    Customer Name:
    </td>
    <td>
    <input type="text" id="custname" name="custname" size="40">
    </td>
    </tr>

    <tr>
    <td width='100px' >
    </td>

    <td align="right">
    Mobile No 1:
    </td>
    <td>
    <input type="text" id="mob1" name="mob1">
    </td>
    </tr>

    <tr>
    <td width='100px' >
    </td>

    <td align="right">
    Mobile No 2:
    </td>
    <td>
    <input type="text" id="mob2" name="mob2">
    </td>
    </tr>

    <tr>
    <td>
    </td>
    <td><b>FLAT DETAILS:</b>
    </td>

    </tr>
    <tr>
    <td width='100px' >
    </td>
    <td align="right">
    Flat/Bungalo:
    </td>
    <td>
    <select name="flatbungalo" id="flatbungalo" value="select">
    <option>Flat</option>
    <option>Bungalo</option>
    <option>House</option>

    </select>
    </td> </tr>

    <tr>
    <td width='100px' >
    </td>
    <td align="right">
    Property Address:
    </td>
    <td><input type="text" id ="address" name ="address" size="40">
    </td> </tr>

    <tr>
    <td width='100px' >
    </td>
    <td align="right">
    BHK:
    </td>
    <td>
    <select name="bhk" id="bhk" value="select">
    <option>1 BHK</option>
    <option>2 BHK</option>
    <option>3 BHK</option>
    <option>4 BHK</option>

    </select>
    </td> </tr>
    <tr>
    <td width='100px' >
    </td>
    <td align="right">
    RENT:
    </td>
    <td><input type="text" id ="rent" name ="rent" size="10">
    </td> </tr>

    <tr>
    <td width='100px' >
    </td>
    <td align="right">
    Diposit:
    </td>
    <td><input type="text" id ="diposit" name ="diposit" size="10">
    </td> </tr>
    <tr>
    <td width='100px' >
    </td>
    <td align="right">
    SQ Ft:
    </td>
    <td><input type="text" id ="sqft" name ="sqft" size="10">
    </td> </tr>
    <tr>
    <td width='100px' >
    </td>
    <td align="right">
    Floor:
    </td>
    <td><input type="text" id ="floor" name ="floor" size="10">
    </td> </tr>

    <tr>
    <td width='100px' >
    </td>
    <td align="right">
    Lift:
    </td>
    <td>
    <select name="lift" id="lift" value="select">
    <option>Yes</option>
    <option>No</option>


    </select>
    </td> </tr>

    <tr height="20">
    </tr>
    <tr>
    <td>
    </td>
    <td>
    </td> <td align="left"><form method="POST"><input type="Submit" name="Add" id="add" value="Add"></form>
    </td> </tr>
    </table> </html> </form> </div> </body> </html>
    </div>
    <div class="col-sm-2 sidenav">
    <div class="well">
    <p>ADS</p>
    </div>
    <div class="well">
    <p>ADS</p>
    </div>
    </div> </div> </div>

    <footer class="container-fluid text-center"> <p>Footer Text</p>
    </footer>

    </body> </html>


    i had echo my query and i got result like insert into propertymaster
    (area,custname,mob1,mob2,proptype,address,bhk,rent,diposit,sqft,floor,lift)
    values ('','','','','','','','','','','','') basically blank values
    are inserting
    i want to insert values which are posted by different input types from form


    the thing is happening is blank values are assigning to vauables;
    for eg i wrote $aria=$_POST['area']; $aria="blank"
    please help me to solve this problem



enter image description here

Answer

You've got several problems according to the code you posted:

  1. You've got two opening <html> tags and two opening <body> tags.

  2. You've got two opening <form> tags before your submit button, which is invalid HTML, probably leading to your submit button not belonging to the form with all of your inputs, so when you hit the submit button, none of your inputs are sent with it. Forms are not nestable. To fix this error, remove the second opening <form> tag, making it one form.

  3. Before you use any input coming from a user such as GET and POST variables, you should check for their existence, typically with the isset() function such as:

     if (isset($_POST['aria'])) { $aria = $_POST['aria']; }

  4. You should NEVER put user input directly into a SQL statement. That is extremely vulnerable to a SQL injection attack. You should use prepared statements and bind your parameters.

For example, instead of using:

$addquery="insert into propertymaster (area,custname) values ('$aria','$custname')";
mysql_query($addquery);

You should instead use:

$stmt = $db->prepare("INSERT INTO propertymaster (area,custname) VALUES (':aria',':custname')";

$stmt->bindParams(':aria', $aria);
$stmt->bindParams(':custname', $custname);

$stmt->execute();
Comments