0

Complete Newbie to PHP, but trying to do a simple form submit to a MySQL Database. I keep getting the Notice: Undefined index: warning on my form input variables. What could be issue here. The form is on a seperate PHP page submitting to the process.php file.

Form Code:

<form name="example" id="example" method="POST" action="process.php" enctype="multipart/form-data">
    <p>
        <label for="first_name">First Name:</label>
        <input size="20" name="first_name" id="first_name" />
    </p>
    <p>
        <label for="city">city</label>
        <input size="20" name="city" id="city" />
    </p>
    <p>
        <label for="state">state</label>
        <input size="20" name="state" id="state" />
    </p>
    <p>
        <label for="zip">zip</label>
        <input size="20" name="zip" id="zip" />
    </p>
    <p>
        <label for="email">e-mail</label>
        <input size="20" name="email" id="email" />
    </p>
    <p>
        <label for="form_upload">file</label>
        <input size="40" type="file" name="form_data" id="form_data" />
    </p>
    <p>
        <input type="submit" value="Submit form" name="submit" />
    </p>
</form>

Process.php

<?php
   mysql_connect("localhost", 'root', '') or die('Could not connect:' . mysql_error());
   mysql_select_db("practice") or die(mysql_error());
   mysql_query("CREATE TABLE user (id INT(5)NOT NULL AUTO, name VARCHAR(30), email     VARCHAR(40), city VARCHAR(40), state VARCHAR(3), zip INT(5) )");
   if (isset($_POST)) {
       $name  = $_POST['first_name'];
       $email = $_POST['email'];
       $city  = $_POST['city'];
       $state = $_POST['state'];
       $zip   = $_POST['zip'];
   }
   mysql_query("INSERT INTO user VALUES('$name', '$email', '$city', '$state', '$zip')");
?>
Improve this question
10
  • 1
    All mysql_ functions in php are deprecated. Use PDO or mysqli instead. Commented Sep 25, 2013 at 18:52
  • What index is undefined according to the error message? Commented Sep 25, 2013 at 18:53
  • Also, every time you submit a form in our example, you create a table. You should check if it doesn't exist yet before creating. Commented Sep 25, 2013 at 18:54
  • Which lines specifically are giving you the notice? As an side, you need to read up on how to prevent SQL injection attacks, as you code is vulnerable now. Also, since you are just learning PHP, leanr the right way and don't use deprecated mysql_* functions. I would suggest mysqli or PDO for working with the database. Commented Sep 25, 2013 at 18:54
  • You are vulnerable to SQL injection attacks. Commented Sep 25, 2013 at 18:55

1 Answer 1

Reset to default
1

i guess you should change this 

    if (isset($_POST)){

and give an index like that

  if (isset($_POST['submit'])){

and also

change the query to

  mysql_query("INSERT INTO user (name , email, city,state, zip)
               VALUES('$name', '$email', '$city', '$state', '$zip')" );

and you should escape your variables like that before inserting them.

  $name = mysql_real_escape_string($name) ;
 // and so on

last thing is why you create table everytime you submit ? you should check if exist .

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

When using mysql_query, which is a super bad idea to start with, it's probably better to compose the query with sprintf and a long list of mysql_real_escape_string calls afterwards. Ugly but necessary.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.