Build Your Own Database Driven Website: Chapter 3

Hi Guys,

I feel like I am going to be posting here on a daily basis for the near future. I am currently on chapter three and it is having me write a php file and an html file with the end result being a website that says “Welcome to our website, Kevin!”

What I get is:

“Notice: Undefined index: name in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\welcome1.php on line 12
Welcome to our web site, !”

I even get this when I copy and paste the code given directly from the website for the book. I have a notice at the top follwed by the result without the name.

In chapter two when trying to have the day of the week date and time show I got this:

“Today’s date (according to this web server) is
Warning: date() [function.date]: It is not safe to rely on the system’s timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected ‘America/Chicago’ for ‘-5.0/DST’ instead in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\ oday.php on line 13
Monday, July 11th 2011.”

Again, a large notice with the result.

Thank you in advance for your help!

Regarding the second error you should set the default timezone in your php.ini file.
Open that file from where PHP is installed and look for the [Date] section.

Add, or uncomment a line that looks like this:


; Defines the default timezone used by the date functions
date.timezone = Australia/Queensland

Change Australia/Queensland to the value most suitable for you. Find values here.

For the first error, post your code, a lot of people won’t have the book.
Undefined index means your trying to access an array key which doesn’t exist.

e.g.


$myArray = ('stuff', 'thing');
echo $myArray[2]; //error 2 doesn't exist

Mike,

Thank you for your help. I fixed the issue with the date/time.

Here is my PHP code

<?php
	$name = $_GET['name'];
	echo 'Welcome to our web site, ' . 
		htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!';
?>

The result of this is:

Notice: Undefined index: name in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\welcome2.php on line 12
Welcome to our web site, !

Line 12 of my code is:

$name = $_GET['name'];

Hope this is clear. I am also trying to learn how to best communicate through the forum.

Thanks again for your help and quick response!

Sure is. $_GET is the array. $_GET[‘name’] does not exist.
Are you using a RewriteRule to create fancy URLs?

If not your URL would need to have ?name=somethingorother for that to work. Does it?

I am going to try to explain why I have the code I have through this post.
Following the book, my original code was below for the file welcome1.php:

<?php
			$name = $_GET['name'];
			echo 'Welcome to our web site, ' . 
				htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!';
			?>

As explained in the book this is a security threat because while I type in the address http://localhost/welcome1.php, my address will end up being http://localhost/welcome1.php?name=Kevin which could be edited by someone with ill intent. My web address never changes from welcome1.php to welcome1.php?name=Kevin.

I did type the entire address http://localhost/welcome1.php?name=Kevin and it did work. From reading the book though it seems like I am cheating to get the correct result. I think I should only have to type http://localhost/welcome1.php

They then suggest the code I gave you in the previous post as welcome2.php to fix the security threat.

To go more into the theory of how this should work, to address your question of a “RewriteRule to create a fancy URL” (not exactly sure what that means). By starting with $name, I am making it so whenever I referance $name, I am asking for the data in the array $_GET (I am asking for ‘name’). The data in the array $_GET can be found in my welcome1.html file that says the name=Kevin.

Again, thanks for all your help. Please let me know if I am on the right track!

I think the security issue you’re alluding to is solved by calling htmlspecialchars as you are.

$_GET[‘name’] still needs to exist though, and clearly it doesn’t. That is the cause of your error.
You can prove it by adding this line above $name = $_GET[‘name’]


var_dump($_GET);

It will be an empty array until you add ?name=Kevin to your URL

Initializing a variable is a must no matter if you want to avoid security issues or error log entires - because depending on your server’s configuration it will complain about using variables that don’t exist.

Here are some ways to avoid that notice about the missing variable:

<?php
if (isset($_GET['name'])) {
   $name = htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
} else {
   $name = 'Guest';
}
echo 'Welcome to our web site, ' . $name . '!';
?>

or

<?php
$name = isset($_GET['name']) ? htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8') : 'Guest';
echo 'Welcome to our web site, ' . $name . '!';
?>

Thank you for your help! I didn’t want to respond till I was sure I understood what was wrong. I am almost 100% sure I get it. Now that I understand this, I am sure I will run into a new question today!

Thanks again, and look for my next post! =)