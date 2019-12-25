Simply running the user input through post() isn’t really validating the input. It’s a start, but you need to check the input is what you need it to be, whether that is an alphanumeric string, a date or whatever.
Undefined Index
Thank you for the comments & feedback. I’m pretty new to PHP, which is why there’s more code than necessary. Unfortunately I don’t yet have the experience to fully understand what’s required and what’s not. I was actually following this tutorial Tutorial Republic and added more variables etc to suit my project.
In regards to the error log I received, it’s as follows:
PHP Notice: Undefined index: email in /admin/create.php on line 22
PHP Notice: Undefined index: username in /admin/create.php on line 30
PHP Notice: Undefined index: company in /admin/create.php on line 56
PHP Notice: Undefined index: company_type in /admin/create.php on line 64
PHP Notice: Undefined index: tools_owned in /admin/create.php on line 72
PHP Notice: Undefined index: user_type in /admin/create.php on line 80.
Benanamaen, thanks for your input, as above, I’m quite new to PHP and was following a tutorial.
SamuelCalifornia, thanks for the heads up. I will do moving forward. In regards to formatting of code, I think I’ll get used to this in time as I learn more on PHP. The errors are above in the PHP notice. All of the lines with the issue apply to my original post.
John_Betong, thanks for the tips, I’ll do some reading up to figure out how to apply them.
Droopsnoot, & Gandalf458. Thank you for explaining, that makes a lot more sense. Are you saying that I need to add the isset function to each of the validation parts? And I need to be more clear and define the type I’m trying to post?
Thanks again all.
I have a feeling that all those undefineds are because the code isn’t considering initial page load. i.e. the first page load is an HTTP GET request so there will be no POST to check for. I guess you could write a whole mess of issets but wrapping in if($_SERVER['REQUEST_METHOD'] == 'POST') would likely be cleaner.
This is incorrect.
Any empty field will indeed be in the POST array. It will be an empty string. Using isset would also be incorrect since all the fields in a properly coded form (except empty checkboxes) will ALWAYS be isset, therefore, checking with isset is pointless.
The correct method would be to trim the POST array and then check for empty.
On a quick read the tutorial seems OK. If you haven’t already, click the options for the PDO version of the code and get the tutorial code running as is before you make your modifications.
@spaceshiptrooper, excellent response at the link posted by @Mittineague
You’re quite correct. I am now not sure where I got that from, and why I use isset() in my form processing code.
Thanks @benanamen. Please can you confirm what the pros of using the PDO version would be? I’ve not done PDO before.
Thanks in advance.
I think and will try for an example that an input POST variable will only be in the $_POST array if there is an input default value set.
I had it in my head that empty fields would not be passed, and I thought I’d picked it up from here. But I tried a simple form with a few text inputs and a submit button and, sure enough, all fields are passed whether I put something in them or not. As simple as
<form method="post" action="uploadtest.php">
<input type="text" name="desc">
<input type="text" name="email">
<input type="text" name="firstname">
<input type="submit">
</form>
I wasn’t doubting what @benanamen had posted, but I was so sure I’d seen it work that way I had to try it.
In any case, I suspect the problem is as @Mittineague said, the checks are being done whether or not the form has been submitted. Perhaps the OP can confirm at some point.
Perhaps it is when using Get instead of Post the array items do not show?
Nope, they show up in GET forms as well.
I distinctly remember testing for the following and wonder if PHP has changed so that all POST parameters are now shown?
<?php
$first = isset( $_POST['first'] ) ? $_POST['first'] : '$first not set';
$second = isset( $_POST['second'] ) ? $_POST['second'] : '$second not set';
$third = isset( $_POST['third'] ) ? $_POST['third'] : '$third not set';
It hasn’t changed. I did pretty much the same thing back in the day. We were probably just victims of bad tutorials and not knowing better. I was just looking through some old code the other day from way back and lol’d at myself for a block of code very much like what you posted but worse since it was back in the day of magic variables from POST with register_globals.
It still might make sense to do it though, in case people are using something other than a website (like cURL) to “fill in” your form, but leave out certain fields.
If you don’t check for that you would get a server error, which may or may not be the desired response to non-website traffic.
Getting beyond basic form and processing code you would want to create a whitelist array of expected fields and compare that to the POST array which will also handle the case of cURL usage. There are several reasons for it but that is beyond the scope of the OP.
Oh well, at least it’s not something I imagined.
Thanks all. I used the isset method instead and it worked like a charm.
No, it does not work like a charm. It is doing absolutely nothing. Did you not read what I posted?
That’s like doing a test verifying if fire is hot. It is completely pointless. Fire is always hot just like form fields are always set.
What you are doing is basically asking if true is equal to true then do something. Does that make any sense to you?
Once again, trim the post array and then check for empty. Simple as that.
Ok. Makes sense. Please can you show me in the code how you think it should be done. I’m new to PHP so still trying to figure it all out.
Before I just hand you some code, look up the trim and empty function and then try a couple small code samples using them so you can understand how they work. The manual is your friend here.
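The checks discussed across this thread (process only on POST, whitelist the expected fields, trim, reject empty values, then check the type), combined as an added example that is not code from any post or from the tutorial. The field names come from the error log above; the per-field rules and the function name validate_submission are assumptions. It compares against '' rather than calling empty(), because empty('0') is true in PHP.

```php
<?php
// Added example, not code from the thread. Field names are taken from the
// error log; the per-field rules are assumptions for illustration.
const EXPECTED_FIELDS = ['email', 'username', 'company', 'company_type', 'tools_owned', 'user_type'];

/** Returns [$clean, $errors] for a submitted form. */
function validate_submission(array $post): array
{
    $clean = [];
    $errors = [];

    // Whitelist: only fields the form defines are read; extras are ignored.
    foreach (EXPECTED_FIELDS as $field) {
        // A browser always sends text inputs, but cURL or a script may omit
        // a field or send it as an array (email[]=x), so normalise first.
        $value = $post[$field] ?? '';
        if (!is_string($value)) {
            $errors[$field] = 'Invalid value.';
            continue;
        }
        $value = trim($value);
        // Compare with '' instead of empty(): empty('0') is true.
        if ($value === '') {
            $errors[$field] = 'This field is required.';
            continue;
        }
        $clean[$field] = $value;
    }

    // Type checks: the value must be what the field is meant to hold.
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
        unset($clean['email']);
    }
    if (isset($clean['username']) && !ctype_alnum($clean['username'])) {
        $errors['username'] = 'Use letters and digits only.';
        unset($clean['username']);
    }
    return [$clean, $errors];
}

// Only process on submission; the first page load is a GET with no POST data.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$clean, $errors] = validate_submission($_POST);
    if ($errors === []) {
        // $clean holds trimmed, checked values ready for a prepared statement.
    }
}
```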
