Undefined Index

Hi All. I’m having a bit of trouble with a PHP undefinded index error on my create.php page. Please could someone cast their eye over the following and advise where i’m going wrong.

Thank you in advance.

// Validate email=
    $input_email = trim($_POST["email"]);
    if(empty($input_email)){
        $email_err = "Please enter an email address.";     
    } else{
        $email = $email;
    }

    // Validate username
    $input_username = trim($_POST["username"]);
    if(empty($input_username)){
        $username_err = "Please enter an address.";     
    } else{
        $username = $input_username;
    }

    // Validate password
    $input_password = trim($_POST["password"]);
    if(empty($input_password)){
        $password_err = "Please enter a password. Make sure to ask the dealer to change it afterwards.";     
    } else{
        $password = $input_password;
    }

    // Validate contact
    $input_contact = trim($_POST["contact"]);
    if(empty($input_contact)){
        $contact_err = "Please enter the contact no.";     
    } elseif(!ctype_digit($input_contact)){
        $contact_err = "Please enter the contact no.";
    } else{
        $contact = $input_contact;
    }
    
    // Validate company
    $input_company = trim($_POST["company"]);
    if(empty($input_company)){
        $company_err = "Please enter a company name.";     
    } else{
        $company = $input_company;
    }

    // Validate company type
    $input_company_type = trim($_POST["company_type"]);
    if(empty($input_company_type)){
        $company_type_err = "Please enter a company type.";     
    } else{
        $company_type = $input_company_type;
    }

    // Validate tools owned
    $input_tools_owned = trim($_POST["tools_owned"]);
    if(empty($input_tools_owned)){
        $tools_owned_err = "Please enter tools owned by the dealer.";
    } else{
        $tools_owned = $input_tools_owned;
    }

    // Validate user type
    $input_user_type = trim($_POST["user_type"]);
    if(empty($input_user_type)){
        $user_type_err = "Please enter tools owned by the dealer.";
    } else{
        $user_type = $input_user_type;
	}

You have at least 50% more code than you need.

  1. Trim the post array all at once.
  2. Stop creating variables for nothing
  3. Errors should go into an error array and then looped over if the array is not empty.
  4. $email appears out of nowhere.
 $email = $email

Really? A variable named $email equals the same variable named $email?

2 Likes

You don’t tell us where the error is occurring. For the future please ensure you specify that. Since you do not specify what line the error is occurring on, I will assume that benanamen has spot the problem.

As for formatting of code, stuff like that is a matter of personal style. If the difference in style just determines whether more or less code is in one line (but the computer executes nearly the same amount of code) then style has little influence on what the computer does.

A separate subject for a separate discussion, I am not sure whether the logic will know whether there is an error and I am not sure if the user will see all relevant errors or just one. You will learn how to deal with things like that with experience.

1 Like

It was a mistake. Be a little understanding.

1 Like

Php has some very good builtin debugging tools:

Tip: #1

If you are using Php 7 then first add this line at the start of every problematic file:

<?php define(strict_types=1);

Tip: #2

Add a break in the script to show progress then halt program execution:

echo '<br>Line: ' .__LINE__; die; 

Tip: #3

Show variable contents and halt program execution

echo '<pre>'; print_r($any_variable_name); die; // pre adds line feeds

Tip: #4

Verbose print_f(…) and show variable types

echo '<pre>'; var_dump($any_variable_name); die; // pre adds line feeds

Tip: #5

Include a debug file:

  1. with the following functions
  2. function names are easy to type and remember

file: fred.php

<?php define(strict_types=1);
// just in case these are not set in your php.ini file
error_reporting(-1); // sets maximum errors
ini_set('display_errors', '1'); // show errors on screen


functtion fred($val = 'Missing variable???')
{
// over-ride default screen colours just in case 
echo '<hr><hr><pre style="background:yellow; color: #000;">';
  echo print_r($val);
echo '</pre><hr><hr>';
}

functtion vd($val = 'Missing variable???')
{
// over-ride default screen colours just in case 
echo '<hr><hr><pre style="background:yellow; color: #000;">';
  echo var_dump($val);
echo '</pre><hr></hr>';
}
1 Like

You’re going along the right line by checking to see whether each field is empty, but by the time you check, you’ve already tried to access each array element. The problem is that if your user leaves a form field blank, it isn’t submitted as part of the $_POST array, so when you try to access it, you’ll get undefined index as you are doing. Read up on the isset() function which will allow to you check for that happening.

2 Likes

Simply running the user input through post() isn’t really validating the input. It’s a start, but you need to check the input is what you need it to be, whether that is an alphanumeric string, a date or whatever.

1 Like

Hi All

Thank you for the comments & feedback. I’m pretty new to PHP which is why theres more code than necessary. Unfortunately i don’t yet have the experience to fully understand whats required and whats not. I was actually following this tutorial Tutorial Republic and added more variables etc to suit my project.

In regards to the error log i received. It’s as follows:-
PHP Notice: Undefined index: email in /admin/create.php on line 22
PHP Notice: Undefined index: username in /admin/create.php on line 30
PHP Notice: Undefined index: company in /admin/create.php on line 56
PHP Notice: Undefined index: company_type in /admin/create.php on line 64
PHP Notice: Undefined index: tools_owned in /admin/create.php on line 72
PHP Notice: Undefined index: user_type in /admin/create.php on line 80.

Benanamaen, thanks for your input, as above, i’m quite new to PHP and was following a tutorial.

SamuelCalifornia, thanks for the heads up. I will do moving forward :wink: In regards to formatting of code, i think i’ll get used to this in time as i learn more on PHP. The errors are above in the PHP notice. All of the lines with the issue apply to my original post.

John_Betong, thanks for the tips, i’ll do some reading up to figure out how to apply them :slight_smile:

Droopsnoot, & Gandalf458. Thank you for explaining, that makes a lot more sense. Are you saying that i need to add the isset function to each of the validation parts? And I need to be more clear and define the type i’m trying to post?

Thanks again all.

I have a feeling that all those undefineds are because the code isn’t considering initial page load. i.e. the first page load is an HTTP GET request so there will be no POST to check for. I guess you could write a whole mess of issets but wrapping in if($_SERVER['REQUEST_METHOD'] == 'POST') would likely be cleaner.

1 Like

This is incorrect.

Any empty field will indeed be in the POST array. It will be an empty string. Using isset would also be incorrect since all the fields in a properly coded form (except empty checkboxes) will ALWAYS be isset, therefore, checking with isset is pointless.

The correct method would be to trim the POST array and then check for empty.

On a quick read the tutorial seems OK. If you havent already, click the options for the PDO version of the code and get the tutorial code running as is before you make your modifications.

@spaceshiptrooper, excellent response at the link posted by @Mittineague

1 Like

You’re quite correct. I am now not sure where I got that from, and why I use isset() in my form processing code.

Thanks @benanamen. Please can you confirm what the pros of using the PDO version would be? I’ve not done PDO before.

Thanks in advance.

I think and will try for an example that an input POST variable will only be in the $_POST array if there is an input default value set.

I had it in my head that empty fields would not be passed, and I thought I’d picked it up from here. But I tried a simple form with a few text inputs and a submit button and, sure enough, all fields are passed whether I put something in them or not. As simple as

<form method="post" action="uploadtest.php">
<input type="text" name="desc">
<input type="text" name="email">
<input type="text" name="firstname">
<input type="submit">
</form>

I wasn’t doubting what @benanamen had posted, but I was so sure I’d seen it work that way I had to try it.

In any case, I suspect the problem is as @Mittineague said, the checks are being done whether or not the form has been submitted. Perhaps the OP can confirm at some point.

Perhaps it is when using Get instead of Post the array items do not show?

Nope, they show up in GET forms as well.

1 Like

I distinctly remember testing for the following and wonder if PHP has changed so that all POST parameters are now shown?

<?php
$first  = isset( $_POST['first'] )  ? $_POST['first']  : '$first not set';
$second = isset( $_POST['second'] ) ? $_POST['second'] : '$second not set';
$third  = isset( $_POST['third'] )  ? $_POST['third']  : '$third not set';

It hasn’t changed. I did pretty much the same thing back in the day. We were probably just victims of bad tutorials and not knowing better. I was just looking through some old code the other day from way back and lol’d at myself for a block code very much like what you posted but worse since it was back in the day of magic variables from POST with register_globals.

3 Likes

It still might make sense to do it though, in case people using something other than a website (like cURL) to “fill in” your form, but leave out certain fields.
If you don’t check for that you would get a server error, which may or may not be the desired response to non-website traffic.

Getting beyond basic form and processing code you would want to create a whitelist array of expected fields and compare that to the POST array which will also handle the case of cURL usage. There are several reasons for it but that is beyond the scope of the OP.

1 Like