0

I am trying to update a record on my customer mysql table. However I get the following errors:

Notice: Undefined index: username in E:\EasyPHP-12.1\www\Register1.php on line 313

Notice: Undefined variable: db_password in E:\EasyPHP-12.1\www\Register1.php on line 315 error updating record

I can't see anything wrong with my code. And have been looking at it for a few hours with no luck.

<div class="footer">
  <img src="images/gardening5.jpg" alt="Image">
  <div>
    <h1>Tips of the Week</h1>
    <form method= "get">
      <form method="get">
      <p>Username:
        <input name="username" type="text">
        </p>
      </form>
      <p>
      <form method="get">
        <p>Password:
          <input name="password" type="password">
        </p>
        <p>First Name:
          <input name="first name" type="first name">
        </p>
        <p>Last Name:
           <input name="last name" type="last name">
        </p>
        <p>1st Line of Address:
          <input name="1st line of address" type="1st line of address">
        </p>
        <p>2nd Line of Address:
          <input name="2nd line of address" type"2nd line of address">
        </p>
        <p>Town:
           <input name="town" type"town">
        </p>
        <p>PostCode:
          <input name="postcode" type="postcode">
        </p>
        <p>Phone Number
          <input name="phone_number" type="phone_number">
        </p>
        <p>
          <input name="submit3" type="submit" value="update customer record">
        </p>
       </form>
     </form>
<?php
  $host="localhost"; // Host name
  $tbl_name="customer"; // Table name
  $db_user="root";
  $db_pass="";

  $connect = mysql_connect("$host", "$db_user", "$db_pass");
  $db_name="the_shop"; // Database name
  mysql_select_db("$db_name");

  if(isset($_GET['submit3'])){

    $db_username = $_GET['username'];

    $sql3 = "UPDATE `customer` SET `Password`='.$db_password.' WHERE `Username`='.$db_username.";
    $result3 = mysql_query($sql3);

    mysql_query($sql3) or die('error updating record');
    echo $sql3;
  }
?>
Improve this question
3
  • You have several forms embedded into one parent form. You only need one. Commented May 10, 2013 at 22:21
  • 1
    And, in addition, your code is vulnerable to SQL injections. Moreover, there is no need to use statements like "$host" rather than simple $host Commented May 10, 2013 at 22:31
  • Please don't pass $_GET or $_POST variables into your sql strings. You will be vulnerable to sql injection. Commented May 10, 2013 at 23:18

3 Answers 3

Reset to default
2

  1. The username field in your HTML is in a different form than the submit button, so it's not being sent along with the rest of the fields.

  2. You have no $db_password variable; you do have a $db_pass variable. Is that what you meant?

  3. For requests that modify data, you should really use POST, not GET requests.

As noted in the comments:

You should use $db_password = $_GET['password'], and correct the quotes as in peterm and Mehdi's answers.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

One comment. @Chris should use $db_password = $_GET['password']. $db_pass is a database credential, not users password
Also, there is possible concatenation in query with inappropriate use of different qoutes type - see @peterm answer
4. Opening a SQL connection before even checking if $_GET['submit3'] is true. 5. Using deprecated mysql extension is discouraged. 6. No error checking at all. 7. Vulnerable to SQL injections.
1

There are several problems with your code:

You're not getting username parameter with GET method. html markup should be corrected to properly define one form instead of having several.

You don't have $db_password variable defined. It's probably meant to be 

$db_password = $_GET['password'];

There is invalid concatenation in $sql3.Therefore change 

$sql3 = "UPDATE `customer` SET `Password`='.$db_password.' WHERE `Username`='.$db_username.";

to 

$sql3 = "UPDATE `customer` SET `Password`='$db_password' WHERE `Username`='$db_username'";
Improve this answer

4 Comments

$db_password is not defined here
@Timur That's exactly what I said. html markup should be corrected to properly define form.
There was no $db_password = $_GET['password']; line in your answer when commented. Your answer is good now, yes
thanks I can't believe I missed all of that xD The reason for the form nesting was because I wanted to distinguish between where the user enters the username and where the changed details are entered
0

your query should be like below :

$sql3 = "UPDATE `customer` SET `Password`='".$db_password."' 
WHERE `Username`='".$db_username."'";
Improve this answer

1 Comment

and db_password is not set and there is nested forms going on in the markup... the username field is in its own form so the first warning you are getting is because it's not being posted over

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.