error inserting data.undefined index firstname/lastname on line 14

Question

SirMahlon 0 Junior Poster in Training

11 Years Ago

<html>
<body>
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("mydb", $con);

$sql="INSERT INTO users(firstname, lastname)
VALUES
('$_POST[firstname]','$_POST[lastname]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>
</body>
</html>

php

2 Contributors
22 Replies
235 Views
6 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by broj1

broj1 356 Humble servant

11 Years Ago

Check first whether $_POST values exist (they usually do not on the first page load). And also it is very important to escape the values before inserting into the database.

// check if values exist
if(isset($_POST[firstname]) and isset($_POST[lastname])) {

    $con = mysql_connect("localhost","root","");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("mydb", $con);

    // escape the values (to minimize a chance of SQL injection)
    $firstname = mysql_real_escape_string($_POST[firstname]);
    $lastname = mysql_real_escape_string($_POST[lastname]);

   // then use escaped values in your query
   $sql="INSERT INTO users(firstname, lastname) VALUES ('$firstname','$lastname')";
    ...
    ...
    mysql_close($con);
}

Also ASAP switch to more up to date DB extension such as mysqli or PDO.

Edited 11 Years Ago by broj1

broj1 356 Humble servant

11 Years Ago

Sory, my mistake, forgot the quotes in array indexes. This is correct:

$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);

broj1 356 Humble servant

11 Years Ago

What is the code on line 2?

broj1 356 Humble servant

11 Years Ago

OK, the quotes are missing in this line also. Try:

if(isset($_POST['firstname']) && isset($_POST['lastname'])) {

broj1 356 Humble servant

11 Years Ago

Echo the query and test it in phpmyadmin (or post it here). Put this temporary debug line somewhere (like line 11 in your original post):

die("INSERT INTO users(firstname, lastname) VALUES ('$firstname','$lastname')");

This will display the constructed query and stop the script. Now copy it to phpmyadmin and see what happens. You can post the output here.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

SirMahlon 0 Junior Poster in Training · Answer 1 · 2013-08-06T11:11:04+00:00

thanks.but am now getting a new error use of undefined constants on line 2.what might be the problem

SirMahlon 0 Junior Poster in Training · Answer 2 · 2013-08-06T11:47:15+00:00

still get the same error after adding the qoutes please.

SirMahlon 0 Junior Poster in Training · Answer 3 · 2013-08-06T12:07:47+00:00

if(isset($_POST[firstname]) and isset($_POST[lastname])) {

SirMahlon 0 Junior Poster in Training · Answer 4 · 2013-08-06T12:27:16+00:00

now i don't get any error but no data is sent into the tables users with databse name mydb.
thanks a lot by the way

SirMahlon 0 Junior Poster in Training · Answer 5 · 2013-08-06T12:54:19+00:00

<?php
// check if values exist
 if(isset($_POST['firstname']) && isset($_POST['lastname'])) {
    $con = mysql_connect("localhost","root","");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db('mydb', $con);
    // escape the values (to minimize a chance of SQL injection)
    $firstname =  mysql_real_escape_string($_POST['firstname']);
    $lastname = mysql_real_escape_string($_POST['lastname']);
   // then use escaped values in your query
   $sql='INSERT INTO users(firstname,lastname) VALUES ("$firstname","$lastname")';
   if (!mysql_query($sql,$con))
  {
    echo $sql;
    }
    else
    {
      die('Error: ' . mysql_error());
  }
echo "1 record added";
    mysql_close($con);
    }
?>

SirMahlon 0 Junior Poster in Training · Answer 6 · 2013-08-06T12:58:05+00:00

still the same.no error but the data does not get in there

broj1 356 Humble servant Featured Poster · Answer 7 · 2013-08-06T13:06:25+00:00

Can you post the code for the form? There might be an error there.

SirMahlon 0 Junior Poster in Training · Answer 8 · 2013-08-06T13:10:55+00:00

<html>
<body>
<h1>A small example page to insert some data in to the MySQL database using PHP</h1>
<form action="insert.php" method="post">
Firstname: <input type="text" name="fname" /><br><br>
Lastname: <input type="text" name="lname" /><br><br>

<input type="submit" />
<?php

?>
</form>
</body>
</html>

SirMahlon 0 Junior Poster in Training · Answer 9 · 2013-08-06T13:11:14+00:00

SirMahlon 0 Junior Poster in Training

11 Years Ago

this is the form code please

broj1 356 Humble servant Featured Poster · Answer 10 · 2013-08-06T13:25:47+00:00

The input name attributes should be the same as indexes in the $_POST array so change the form to:

Firstname: <input type="text" name="firstname" /><br><br>
Lastname: <input type="text" name="lastname" /><br><br>

(or if you prefer change the indexes in the $_POST array).

SirMahlon 0 Junior Poster in Training · Answer 11 · 2013-08-06T14:48:26+00:00

not working still sir.i want to post both codes for you to examine pls.

SirMahlon 0 Junior Poster in Training · Answer 12 · 2013-08-06T14:48:59+00:00

<?php
// check if values exist
 if(isset($_POST['fname']) && isset($_POST['lname'])) {
    $con = mysql_connect("localhost","root","");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db('mydb', $con);
    // escape the values (to minimize a chance of SQL injection)
    $fname =  mysql_real_escape_string($_POST['fname']);
    $lname = mysql_real_escape_string($_POST['lname']);
   // then use escaped values in your query
   $sql="INSERT INTO users(fname,lname) VALUES ('$_POST[fname]','$_POST[lname]')";
   if (!mysql_query($sql,$con))
  {
    echo $sql;
    }
    else
    {
      die('Error: ' . mysql_error());
  }
echo "1 record added";
    mysql_close($con);
    }
?>

SirMahlon 0 Junior Poster in Training · Answer 13 · 2013-08-06T14:49:46+00:00

this is for the form.my browser echo's my sql statement but does not get into the database

SirMahlon 0 Junior Poster in Training · Answer 14 · 2013-08-06T14:50:14+00:00

<html>
<body>
<h1>A small example page to insert some data in to the MySQL database using PHP</h1>
<form action="insert.php" method="post">
Firstname: <input type="text" name="fname" /><br><br>
Lastname: <input type="text" name="lname" /><br><br>
 <input type="submit" />
</form>
</body>
</html>

x

broj1 356 Humble servant Featured Poster · Answer 15 · 2013-08-06T15:25:30+00:00

What is the output of the echo command on line 17?

And change the query to use escaped values:

$sql="INSERT INTO users(fname,lname) VALUES ('$fname','$lname')";

And to be on safe side put a space after database name:

$sql="INSERT INTO users (fname,lname) VALUES ('$fname','$lname')";

SirMahlon 0 Junior Poster in Training · Answer 16 · 2013-08-06T16:27:28+00:00

SirMahlon 0 Junior Poster in Training

11 Years Ago

thanks boss.issue resolved.

broj1 356 Humble servant Featured Poster · Answer 17 · 2013-08-06T16:30:37+00:00

Glad to hear that. Please mark thread as solved. Happy coding.