SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Member
    Join Date
    Jul 2011
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Build Your Own Database Driven Website: Chapter 3

    Hi Guys,

    I feel like I am going to be posting here on a daily basis for the near future. I am currently on chapter three and it is having me write a php file and an html file with the end result being a website that says "Welcome to our website, Kevin!"

    What I get is:

    "Notice: Undefined index: name in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\welcome1.php on line 12
    Welcome to our web site, !"

    I even get this when I copy and paste the code given directly from the website for the book. I have a notice at the top follwed by the result without the name.

    In chapter two when trying to have the day of the week date and time show I got this:

    "Today’s date (according to this web server) is
    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for '-5.0/DST' instead in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\today.php on line 13
    Monday, July 11th 2011."

    Again, a large notice with the result.

    Thank you in advance for your help!

  2. #2
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Regarding the second error you should set the default timezone in your php.ini file.
    Open that file from where PHP is installed and look for the [Date] section.

    Add, or uncomment a line that looks like this:
    Code:
    ; Defines the default timezone used by the date functions
    date.timezone = Australia/Queensland
    Change Australia/Queensland to the value most suitable for you. Find values here.

    For the first error, post your code, a lot of people won't have the book.
    Undefined index means your trying to access an array key which doesn't exist.

    e.g.
    PHP Code:
    $myArray = ('stuff''thing');
    echo 
    $myArray[2]; //error 2 doesn't exist 
    mikehealy.com.au
    diigital.com art, design . Latest WorkSaturday Morning

  3. #3
    SitePoint Member
    Join Date
    Jul 2011
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Mike,

    Thank you for your help. I fixed the issue with the date/time.

    Here is my PHP code

    Code:
    <?php
    	$name = $_GET['name'];
    	echo 'Welcome to our web site, ' . 
    		htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!';
    ?>
    The result of this is:

    Notice: Undefined index: name in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\welcome2.php on line 12
    Welcome to our web site, !
    Line 12 of my code is:

    Code:
    $name = $_GET['name'];
    Hope this is clear. I am also trying to learn how to best communicate through the forum.

    Thanks again for your help and quick response!

  4. #4
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sure is. $_GET is the array. $_GET['name'] does not exist.
    Are you using a RewriteRule to create fancy URLs?

    If not your URL would need to have ?name=somethingorother for that to work. Does it?
    mikehealy.com.au
    diigital.com art, design . Latest WorkSaturday Morning

  5. #5
    SitePoint Member
    Join Date
    Jul 2011
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am going to try to explain why I have the code I have through this post.
    Following the book, my original code was below for the file welcome1.php:

    PHP Code:
    <?php
                $name 
    $_GET['name'];
                echo 
    'Welcome to our web site, ' 
                    
    htmlspecialchars($nameENT_QUOTES'UTF-8') . '!';
                
    ?>
    As explained in the book this is a security threat because while I type in the address http://localhost/welcome1.php, my address will end up being http://localhost/welcome1.php?name=Kevin which could be edited by someone with ill intent. My web address never changes from welcome1.php to welcome1.php?name=Kevin.

    I did type the entire address http://localhost/welcome1.php?name=Kevin and it did work. From reading the book though it seems like I am cheating to get the correct result. I think I should only have to type http://localhost/welcome1.php

    They then suggest the code I gave you in the previous post as welcome2.php to fix the security threat.

    To go more into the theory of how this should work, to address your question of a "RewriteRule to create a fancy URL" (not exactly sure what that means). By starting with $name, I am making it so whenever I referance $name, I am asking for the data in the array $_GET (I am asking for 'name'). The data in the array $_GET can be found in my welcome1.html file that says the name=Kevin.

    Again, thanks for all your help. Please let me know if I am on the right track!

  6. #6
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think the security issue you're alluding to is solved by calling htmlspecialchars as you are.

    $_GET['name'] still needs to exist though, and clearly it doesn't. That is the cause of your error.
    You can prove it by adding this line above $name = $_GET['name']
    PHP Code:
    var_dump($_GET); 
    It will be an empty array until you add ?name=Kevin to your URL
    mikehealy.com.au
    diigital.com art, design . Latest WorkSaturday Morning

  7. #7
    SitePoint Enthusiast kneekoo's Avatar
    Join Date
    Dec 2010
    Location
    Bucharest, Romania
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Initializing a variable is a must no matter if you want to avoid security issues or error log entires - because depending on your server's configuration it will complain about using variables that don't exist.

    Here are some ways to avoid that notice about the missing variable:
    PHP Code:
    <?php
    if (isset($_GET['name'])) {
       
    $name htmlspecialchars($_GET['name'], ENT_QUOTES'UTF-8');
    } else {
       
    $name 'Guest';
    }
    echo 
    'Welcome to our web site, ' $name '!';
    ?>
    or
    PHP Code:
    <?php
    $name 
    = isset($_GET['name']) ? htmlspecialchars($_GET['name'], ENT_QUOTES'UTF-8') : 'Guest';
    echo 
    'Welcome to our web site, ' $name '!';
    ?>

  8. #8
    SitePoint Member
    Join Date
    Jul 2011
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you for your help! I didn't want to respond till I was sure I understood what was wrong. I am almost 100% sure I get it. Now that I understand this, I am sure I will run into a new question today!

    Thanks again, and look for my next post! =)


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •