2

OK, so, first of all, i'm new to PHP and MySQL so i'm sorry if i'm going to ask some stupid questions: The page i am trying to create has 4 forms, and a submit button, and i want to send all this info to the database when i click submit, but i have these errors:

Notice: Undefined index: submit in C:\XAMPP\htdocs\SQLtesting\index.php on line 37

Notice: Undefined variable: sql in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

Warning: mysqli_query(): Empty query in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

Here is the code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    <meta name="author" content="abcde" />

    <title>Untitled 2</title>
</head>

<body>

<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="User">
    First Name:
    <input type="text" name="firstName" /> <br />
    Last Name: 
    <input type="text" name="lastName" /> <br />
    E-mail:
    <input type="text" name="email" /> <br />
    Phone Number:
    <input type="text" name="phoneNumber" /> <br />
    <input type="submit" name="submit" />
</form>
<?php
$con=mysqli_connect("localhost","root",'',"test_1");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
if(isset($_POST['submit'])){
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $phoneNumber = $_POST['phoneNumber'];
}
if($_POST['submit'])
{
$sql="INSERT INTO test_1_1(id,firstName, lastName, email, phoneNumber)
VALUES
('','$_POST[firstName]','$_POST[lastName]','$_POST[email]', '$_POST[phoneNumber]')";
echo "1 record added";
}

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }

mysqli_close($con);
?>
</body>
</html>

I also noticed that if i write the 

$sql="INSERT INTO test_1_1(id,firstName, lastName, email, phoneNumber)
VALUES
('','$_POST[firstName]','$_POST[lastName]','$_POST[email]', '$_POST[phoneNumber]')";

simply without an if conditional i won't get the 

Warning: mysqli_query(): Empty query in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

error but the code would add an empty row at the beginning.

I am using XAMPP for running this on local machine.

Improve this question
4
  • Do NOT use $_POST directly in your SQL query like that. What if I decided my name was '); DROP TABLE test_1_1; --? I suggest you read this: php.net/manual/en/mysqli.quickstart.prepared-statements.php or php.net/manual/en/mysqli.prepare.php Commented Nov 15, 2013 at 16:57
  • 1
    If you only define a variable ($sql) inside an IF, anything that uses that variable should also be inside that IF. That alone will solve the 2nd and 3rd errors. (and those are the 2 to solve first - if you fix the first error now it'll just hide the other errors) Commented Nov 15, 2013 at 16:57
  • Much appreciated, going to try both ideas Commented Nov 15, 2013 at 17:00
  • What does var_dump($_POST) show you? Are you sure your form is submitting correctly? Commented Nov 15, 2013 at 17:00

4 Answers 4

Reset to default
1

You have to make sure that $_POST['submit'] is set before you attempt to run the query. Try:

if(isset($_POST['submit'])){

    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $phoneNumber = $_POST['phoneNumber'];

    $sql = "INSERT INTO test_1_1 (id,firstName, lastName, email, phoneNumber) 
          VALUES ('','$firstName','$lastName','$email', '$phoneNumber')";

    if (!mysqli_query($con,$sql)){
        die('Error: ' . mysqli_error($con));
    }

    echo "1 record added";
}

By the way, your code is open to SQL injection. You can solve this security flaw by getting yourself familiar with prepared statements.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

i'm aware of SQL injection vulnerability, but first of all i have to learn some general things about MySQL/PHP and to get familiar with this type of codding. I've been studying alone for about 4 days, but thank you for your answer.
0

Chances are high that the:

if($_POST['submit']) {}

return false and your $sql var isn't filled

Try to add

var_dump($sql);

right before the 

if (!mysqli_query($con,$sql))
Improve this answer

Comments

0

Everything is related to everything. At first - use function such as var_dump to dump the content of $_POST.

I don't see the reason why $_POST['submit'] is empty, but I'd add some value to it:

<input type="submit" name="submit" value="Hey!" />

Check the condition and the brackets, it doesn't make sense. See Wayne Whitty's answer is correct.

Personally I'd recommend you using some php framework although you spend more time on it. They usually contain a lot of examples, documentation and they are very often aiming to learn you some good habits (coding style, ...).

Improve this answer

1 Comment

thanks for your answer, i'm going to try using a php framework
0
  • Notice: Undefined index: submit in C:\XAMPP\htdocs\SQLtesting\index.php on line 37

This means $_POST['submit'] does not exist. You should check if it exists using isset(...) instead of using it directly if you don't want to get the warning.

  • Notice: Undefined variable: sql in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

Since $_POST['submit'] does not exist, the if clause is not executed and $sql is not filled, the error is self explanatory here.

  • Warning: mysqli_query(): Empty query in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

This means query string ($sql is not defined and therefore defaulted to an empty string) is empty.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.