Thread: Undefined Index

Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    16
    Rep Power
    0

    Undefined Index


    Sir, I am using these codes

    PHP Code:
    // UPDATE
            
        
    if(isset($_POST['update']))
        {
        
    // Get values from form 
        
    $name=$_POST['name'];
        
    $moba=$_POST['moba'];
        
    $mobb=$_POST['mobb'];
        
    $ptcl=$_POST['ptcl'];
        
    $fax =$_POST['fax'];
        
    $email=$_POST['email'];
        
    $web =$_POST['web'];
        
    $add =$_POST['add'];
        
    $city =$_POST['city'];
        
    $country =$_POST['country'];
        
    $job =$_POST['job'];
        
    $office =$_POST['office'];
        
    $place =$_POST['place'];
        
    $phone =$_POST['phone'];
        
    $others =$_POST['others'];


        if (empty(
    $moba)){
                echo 
    "<script>alert('No username is selected')</script>";
            }else{
                
    $query "UPDATE contacts SET  name=$name mobb=$mobb ptcl=$ptcl fax=$fax email=$email web=$web address=$add city=$city country=$country job=$job office=$office place=$place phone=$phone others=$others where moba='".$_POST['$moba']."'";
                
    $result mysqli_query($con$query)or die (mysqli_error());
            
            
    //check update
                
    if(!$result)
                {
                echo (
    "<script>alert('Sorry! Something went wrong.')</script>");
                }else{
                echo (
    "<script>alert('Record updated successfully')</script>"); 
                }
            }
            } 

    but it says:
    Notice: Undefined index: $moba in C:\wamp\www\Phonebook\contacts.php on line 110

    and line 110 is
    PHP Code:
    $query "UPDATE contacts SET  name=$name mobb=$mobb ptcl=$ptcl fax=$fax email=$email web=$web address=$add city=$city country=$country job=$job office=$office place=$place phone=$phone others=$others where moba='".$_POST['$moba']."'"
    My database is as follows:



    What I am doing wrong?
    Please help me
  2. #2
  3. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,111
    Rep Power
    1990
    The error message is very clear on what's wrong.
    PHP Code:
    $_POST['$moba'
    That's not set. The most likely reason for this is that you don't have a field in your form that uses that name, so it's not passed with the rest of the values. Look back at your form field and check the naming. If you think that looks right, double-check the actual values that are being POST'ed through to see if it's being sent.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    apart from that, your code is wide open to SQL injections and will get you into serious trouble once it's online.

    Never insert raw variables into queries. Attackers can use this to manipulate the query and do all kinds of things like downloading your entire database or even taking over your server.

    Since you're already using MySQLi (which is good), now it's time to use it correctly. Passing variables to queries is done with prepared statements.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  6. #4
  7. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,111
    Rep Power
    1990
    [QUOTE=Catacaustic]The error message is very clear on what's wrong.
    PHP Code:
    $_POST['$moba'
    I think I have have gotten it wrong myself on this one...

    What I failed to see before was the $ in the index name. That means that your script is looking for a variable named '$moba' and not 'moba' like you expected it to. I only noticed that because a few lines above that you use it correctly, and there's no error there.

    Oh, and listen to Jaques. Seems like no matter how many times he says it, people still keep on making that same mistake.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    16
    Rep Power
    0
    Originally Posted by Catacaustic
    The error message is very clear on what's wrong.
    PHP Code:
    $_POST['$moba'
    That's not set. The most likely reason for this is that you don't have a field in your form that uses that name, so it's not passed with the rest of the values. Look back at your form field and check the naming. If you think that looks right, double-check the actual values that are being POST'ed through to see if it's being sent.
    Sir FORM has moba field as

    Code:
    	<tr>
    	<td width=30><label>Mobile 1</label></td>
    	<td width=45><input type="text" name="moba" id="moba" value="<?php echo $moba;?>" maxlength="11" ><span class="required"></span> </td>
    	</tr>
  10. #6
  11. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,111
    Rep Power
    1990
    OK, now read my second reply. That's where you'll see the real answer.

    Oh, and again... Read what Jaques said, unless you want your server to get hacked in about 1 1/2 seconds.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    16
    Rep Power
    0
    Originally Posted by Catacaustic
    OK, now read my second reply. That's where you'll see the real answer.

    Oh, and again... Read what Jaques said, unless you want your server to get hacked in about 1 1/2 seconds.
    is it reply to my thread?
  14. #8
  15. Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2004
    Location
    New Springfield, OH
    Posts
    1,233
    Rep Power
    1469
    Catacaustic has told you what's wrong above. PHP errors are actually very good. And the line numbers are accurate.

    Undefined index: $moba

    The array index $moba has not been defined. And it hasn't. The index moba has. See the difference? You need to remove the $ here.
    PHP Code:
    $_POST['$moba'
    And I will say also, Jacques is giving you good advice. You're already using MySQLi, but you're not using it correctly.
    Don't like me? Click it.

    Scripting problems? Windows questions? Ask the Windows Guru!

    Stay up to date with all of my latest content. Follow me on Twitter!

    Help us help you! Post your exact error message with these easy tips!
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    16
    Rep Power
    0
    Originally Posted by Nilpo
    Catacaustic has told you what's wrong above. PHP errors are actually very good. And the line numbers are accurate.

    Undefined index: $moba

    The array index $moba has not been defined. And it hasn't. The index moba has. See the difference? You need to remove the $ here.
    PHP Code:
    $_POST['$moba'
    And I will say also, Jacques is giving you good advice. You're already using MySQLi, but you're not using it correctly.
    Thanks one problem solved, now i am facing this this problem

    Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\wamp\www\Phonebook\contacts.php on line 111

    line 111 is

    $result = mysqli_query($con, $query)or die (mysqli_error());
  18. #10
  19. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    You've been warned four(!) times about a very serious security vulnerability, and you simply ignore us?

    Actually, that line you've posted is the next security hole:

    MySQL error messages are not meant to be displayed on the website.

    They contain internal information about your system and are only to be read by the developers. If you dump the messages on the website, they will help attackers gather data about your system, and they'll irritate legitimate users.

    Please take a few minutes to actually read the replies before you get yourself or the people around you into trouble.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    16
    Rep Power
    0
    Originally Posted by Jacques1
    You've been warned four(!) times about a very serious security vulnerability, and you simply ignore us?

    Actually, that line you've posted is the next security hole:

    MySQL error messages are not meant to be displayed on the website.

    They contain internal information about your system and are only to be read by the developers. If you dump the messages on the website, they will help attackers gather data about your system, and they'll irritate legitimate users.

    Please take a few minutes to actually read the replies before you get yourself or the people around you into trouble.
    Well thanks, but how to tell you that what problem i am facing?

    I think, I can not get proper solution untill i tell you problem details.

    Sorry if you mind.
  22. #12
  23. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    The underlined words are links. You can click on them and will be taken to other pages with detailed information.

    I'll gladly help you if there's something you don't understand or if you have further questions. But you will have to do the reading yourself. We can't do it for you.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  24. #13
  25. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    16
    Rep Power
    0
    Originally Posted by Jacques1
    The underlined words are links. You can click on them and will be taken to other pages with detailed information.

    I'll gladly help you if there's something you don't understand or if you have further questions. But you will have to do the reading yourself. We can't do it for you.
    Thanks all participants, finally i got solution as

    PHP Code:
    $query "UPDATE contacts SET  name='$name', mobb='$mobb', ptcl='$ptcl', fax='$fax', email='$email', web='$web', address='$add', city='$city', country='$country', job='$job', office='$office', place='$place', phone='$phone', others='$others' where moba='".$_POST['moba']."'";
    $result mysqli_query($con,$query)or die (mysqli_error($con)); 
    This work fine.
    Does it need more modification?

    Comments on this post

    • Jacques1 disagrees : You're the first user I've met who literally ignored all replies. "Congratulations".
  26. #14
  27. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    WTF is this?

    Comments on this post

    • badger_fruit agrees : Haha, OMG Jacques1 is an actual human - I thought for a moment you were some mad robot.
    • jabba_29 agrees
    • derplumo agrees : Why does he ask for improvement then?
    Attached Images
    Last edited by Jacques1; December 13th, 2013 at 05:12 AM.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  28. #15
  29. Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2004
    Location
    New Springfield, OH
    Posts
    1,233
    Rep Power
    1469
    Originally Posted by tqmd1
    Does it need more modification?
    You need to fix the security holes that have been brought up more than once. Please re-read every response you've gotten so far.
    Don't like me? Click it.

    Scripting problems? Windows questions? Ask the Windows Guru!

    Stay up to date with all of my latest content. Follow me on Twitter!

    Help us help you! Post your exact error message with these easy tips!
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo