SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Member
    Join Date
    Apr 2013
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Undefined Index Issue

    i am doing project in php and mySqll i am getting error like Undefined index: route in C:\wamp\www\new22\list.php on line 222.
    my code is as follows
    PHP Code:
    <?php
    $url 
    $_POST["route"];
    $user_name "root";
        
    $password "";
        
    $database "locations";
        
    $server "127.0.0.1";

    $db_handle mysql_connect($server$user_name$password);
    $db_found mysql_select_db($database$db_handle) or die(mysql_error);

    if (
    $db_found) {

    $SQL "select * from notes where route='$url'";
    $result mysql_query($SQL) or die(mysql_error);
    echo 
    "<table border=1>";
    echo 
    "<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Name</td>
    <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ADDRESS</td><td>ROUTE</td></tr>"
    ;

    while (
    $db_field mysql_fetch_assoc($result)) {
    echo 
    "<tr>";
    echo 
    "<td>".$db_field['name'] . "</td>";
    echo 
    "<td>".$db_field['address'] . "</td>";
    echo 
    "<td>".$db_field['route'] . "</td>";
    echo 
    "</tr>";
    }

    echo 
    "</table>";
    mysql_close($db_handle);

    }
    else {

    print 
    "Database NOT Found ";
    mysql_close($db_handle);
    }



    ?> 
    </td></tr>    
            
    </table>

        </div>


    please tell me how i can resolve this problem.
    thanku
    Last edited by cpradio; Apr 22, 2013 at 07:38.

  2. #2
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    698
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Since you've only provided 46 lines of code it will be difficult to be precise, but I would suggest that you look at line 222 of list.php

    What I expect that you'll find is that something like your line 2 above ($url = $_POST["route"];) will be referring to a value that is missing. Basically, if $_POST["route"] is not set, then you will get that error. You should really change that line to put in a default action when it's not sent. For example:
    Code PHP:
    $url = isset($_POST['route']) ? $_POST['route'] : 'default';
    This means that if $_POST['route'] is not set, that it will fall back to 'default', which you can then handle further on

  3. #3
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    698
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    On a related note, you really didn't ought to allow data to be passed via $_POST and then inject it straight into a MySQL query. It allows what is called an "SQL Injection Attack". It's much better to do something like this:
    Code PHP:
    switch (@$_POST["route"]){
        case 'route1':
            $url = 'this/url';
            break;
        case 'route2':
            $url = 'that/url';
            break;
        case 'route3':
            $url = 'this/other/url';
            break;
        default:
            $url = 'index/url';
    }
    $SQL = "select * from notes where route='$url'"
    What we're doing differently here is hard coding the URLs in. No matter what you post in "route" you can never interfere with the SQL that you generate. You know for sure that one of three options will be selected because the correct information has been provided, or else the default value will be selected. There is no way to attack this. Also note that I changed $_POST["route"] by adding an @ at the front? That will suppress the error you get when $_POST['route'] isn't already set, so this will still work

  4. #4
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,029
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Antnee View Post
    On a related note, you really didn't ought to allow data to be passed via $_POST and then inject it straight into a MySQL query. It allows what is called an "SQL Injection Attack".
    In any case the OP needs to migrate away from the mysql_* extension as it's depreceated as of the current version of PHP, they should be now using either the mysqli_* extension or PDO, either of which enable the use of prepared statements
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  5. #5
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    698
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Agreed

  6. #6
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    698
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    BTW, the original MySQL library is deprecated as of PHP 5.5, not 5.4. Although I do agree that we should be moving on to MySQLi or PDO by now, and that not properly escaping/preparing statements is bad, the rush to switch from the original MySQL functions isn't quite as urgent

  7. #7
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    'Undefined index' is actually a notice, not an error. You can use isset(), as suggested. You can also suppress these warnings with:
    error_reporting(E_ALL ^ E_NOTICE);
    at the top of your file.
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  8. #8
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    698
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Personally I would discourage suppressing like that because I feel that with notices enabled that you are encouraged to a) code better and b) if you do need to suppress individually with @$var then at least you are aware and it's all deliberate. Doesn't take away from the fact that you CAN do it, I just don't recommend it. Feels... lazy

  9. #9
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Antnee View Post
    Personally I would discourage suppressing like that because I feel that with notices enabled that you are encouraged to a) code better and b) if you do need to suppress individually with @$var then at least you are aware and it's all deliberate. Doesn't take away from the fact that you CAN do it, I just don't recommend it. Feels... lazy
    Agreed - it is a lazy solution, but usable for non-critical stuff.

    I've seen these notices being returned for such things as not enclosing an array index in single quotes, e.g. array[index] instead of array['index']. I think the quotes are mandatory as of php 5.4
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  10. #10
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    698
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Yeah, I used to make that mistake occasionally with arrays many years back when I first had to work on a site where warnings were shown. Soon got out of that habit and I think I'm a better developer for it


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •