0

I'm getting this error message: Notice: Undefined offset: 1 in C:\xampp\htdocs\evantechbd\secure\content\right_cat_pr.php on line 18. I want to get news_id and cat_name from a table.

Here is the html form:

<?php
include "db.php";
$sql = mysql_query("SELECT * FROM news_cat");
?>

<form action="right_cat_pr.php" method="post" name="right_cat">
<table width="400" border="0" cellspacing="5" cellpadding="5">
<tr>    
<td>News Category Name</td>
<td>
<select name="cat_name">

<?php 
while($row = mysql_fetch_assoc($sql))
{
    $new_id = $row['news_id'];
    $cat_name = $row['cat_name'];
?>
<option "<?php echo $row['news_id'] . '|' . $row['cat_name'] ?>"><?php echo 
$row['cat_name']; ?></option>
<?php   
}
?>
</select>    

</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" value="Submit" name="submit"></td>
</tr>
</table>
</form>

Here is the process page:

<?php   
include "db.php";
$row = explode('|', $_POST['cat_name']);
$news_id = $row[0]; // cat_id
$cat_name = $row[1];            

$query = mysql_query("INSERT INTO right_cat VALUES ('','$news_id','$cat_name')");
        if($query)
        {
        echo "Successfully Inserted your News Category<br/>";
        }
        else
        {
        echo "Something is wrong to Upload";
        }   

?>
4
  • 2
    Not related to your question, but you've got an SQL injection vulnerability there. INSERT INTO right_cat VALUES ('','$news_id','$cat_name'), what happens if $news_id is ffff'); DROP * FROM *;--? Commented Jan 19, 2012 at 3:58
  • @Seventoes +1 on the comment for resisting the urge to reference Little Bobby Tables :) ... as for the question ... The error message means you're referencing an array key that doesn't exist on line 18. If you aren't 100% sure that an array key will exist, you should check that it is valid with empty or isset before referencing it. Commented Jan 19, 2012 at 4:00
  • 1
    Thanks @Seventoes. So what should I do to prevent SQL injection? Commented Jan 19, 2012 at 4:03
  • Use php.net/mysql_escape_string on ANY and ALL data that comes from the user. I've also found some good guidelines with a quick Google search, from the University of Rhode Island: uri.edu/webservices/phpGuideline.html#sqlInject Commented Jan 19, 2012 at 4:08

1 Answer

2

You should set the option value with <option value="<?php echo $row['news_id'] . '|' . $row['cat_name'] ?>"
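
A hardened version of the process page, as an added example that is not part of the original question, comments or answer. It checks that the posted value really splits into two parts (the cause of the "Undefined offset: 1" notice) and uses prepared statements for the injection issue raised in the comments. Assumptions: PDO with an in-memory SQLite database stands in for db.php, the right_cat column names are guessed from the INSERT in the question, and the helper names parse_category and insert_category are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO/SQLite replaces
// db.php, and right_cat has columns (id, news_id, cat_name).

function parse_category(string $posted): ?array
{
    // Limit 2 so a '|' inside the category name stays in the name.
    $parts = explode('|', $posted, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || $parts[1] === '') {
        return null; // no second element, non-numeric id, or empty name
    }
    return ['news_id' => (int) $parts[0], 'cat_name' => $parts[1]];
}

function insert_category(PDO $db, string $posted): bool
{
    $cat = parse_category($posted);
    if ($cat === null) {
        return false;
    }
    // The form value is client-controlled, so only accept a pair that
    // actually exists in news_cat.
    $check = $db->prepare('SELECT 1 FROM news_cat WHERE news_id = ? AND cat_name = ?');
    $check->execute([$cat['news_id'], $cat['cat_name']]);
    if ($check->fetchColumn() === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $ins = $db->prepare('INSERT INTO right_cat (news_id, cat_name) VALUES (?, ?)');
    return $ins->execute([$cat['news_id'], $cat['cat_name']]);
}

// Constructed sample data so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news_cat (news_id INTEGER PRIMARY KEY, cat_name TEXT)');
$db->exec('CREATE TABLE right_cat (id INTEGER PRIMARY KEY, news_id INTEGER, cat_name TEXT)');
$db->exec("INSERT INTO news_cat VALUES (1, 'Sports'), (2, 'O''Brien Weekly')");

// Constructed inputs: two valid pairs, the bare option text a browser sends
// when the value attribute is missing, a mismatched pair, and an empty post.
// In the real handler the argument would be $_POST['cat_name'] ?? ''.
foreach (['1|Sports', "2|O'Brien Weekly", 'Sports', '1|Politics', ''] as $posted) {
    var_dump(insert_category($db, $posted));
}
echo $db->query('SELECT COUNT(*) FROM right_cat')->fetchColumn(), " rows\n";
```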
