Error while updating the database with multiple php files

PHP
1

I am trying to update the databse with the pubupdate.php file with the mentioned file but it is giving error Notice: Undefined index: user in C:\xampp\htdocs\Publication\form.php on line 3

Notice: Undefined index: pass in C:\xampp\htdocs\Publication\form.php on line 4. I don’t know how this page is directed to form.php. However form.php has been used to create the account of the user so that user can login into the website. The login is done by the page login.php which is using the data which has been inserted in create.php. I don’t know how to solve this problem and howcome pubupdate.php is directing to form.php and how to solve this problem.

I am posting the codes which I have used.

pubupdate.php

<?php

$typereg = $_POST['papertype'];
$ptitlereg = $_POST['ptitle'];
$fauthorreg = $_POST['firstauthor'];
$coauthorreg = $_POST['coauthor'];
$abstractreg = $_POST['abstract'];
$nameconreg = $_POST['namecon'];
$areareg = $_POST['area'];
$datereg = $_POST['date'];
$startpagereg = $_POST['startpage'];
$endpagereg = $_POST['endpage'];
$countryreg = $_POST['country'];


 $taken = "false";
$database = "publication";
$password = "";
$username = "root";


 $con = mysql_connect('localhost', $username, $password) or die("Unable to connect database");

@mysql_select_db($database, $con) or die(“Unable to connect”);

 mysql_query("INSERT INTO `paper` VALUES('$typereg', '$ptitlereg','$fauthorreg','$coauthorreg','$abstractreg' ,'$nameconreg', '$areareg','$datereg', '$startpagereg', '$endpagereg', '$countryreg' )") or die("Strange Error");

echo "Account Created";

 mysql_close($con);

 header('Location: home.php');

 ?>

form.php

 <?php

$userreg = $_POST['user'];
$passreg = $_POST['pass'];



  $taken = "false";
 $database = "publication";
    $password = "";
     $username = "root";


 if($userreg && $passreg){



 $con = mysql_connect('localhost', $username, $password) or die("Unalbe to connect database");
@mysql_select_db($database, $con) or die("Unalbe to connect");

 mysql_query("INSERT INTO `users` VALUES('', '$userreg', '$passreg')") or die("Strange Error");

  echo "Account Created";

  mysql_close($con);

 header("Location : index.html");

 } else {

  echo "You need to have both a username and password";
   }

?>

create.php

<?php

$userreg = $_POST['user'];
$passreg = $_POST['pass'];
$fnamereg = $_POST['fname'];
$lnamereg = $_POST['lname'];
$desigreg = $_POST['designation'];




$taken = "false";
  $database = "publication";
$password = "";
$username = "root";


if($userreg && $passreg){



 $con = mysql_connect('localhost', $username, $password) or die("Unable to connect database");
 @mysql_select_db($database, $con) or die("Unable to connect");

 mysql_query("INSERT INTO `users` VALUES('', '$userreg','$passreg','$fnamereg','$lnamereg' ,'$desigreg')") or  die("Strange Error");

echo "Account Created";

mysql_close($con);

header('Location: index.html');

 } else {

 echo "You need to have both a username and password";
 }
?>
2

Could you show us the HTML form that gets submitted to form.php?

Edit - so what can you explain the full process? I’m not seeing how form.php is even being used.

3

You’re wide open to SQL Injection attack as you’re letting user-submitted data near the database without sanitizing it. When sending the user submitted data to the db once it’s been sanitized you should be using prepared statements.

You also need to be aware that the old mysql_* extension is deprecated as of version 5.5 of PHP and is being removed from version 7 of PHP

4

On form.php change lines 3 and 4 to check if IS SET for any post keys

$userreg = (isset($_POST['user']) ? $_POST['user'] : '');
$passreg = (isset($_POST['pass']) ? $_POST['pass'] : '');
5

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.