Php errors please help find errors

queos · October 9, 2013, 10:35pm

Can anyone please help I’m having an index error with my php code.
When I run the code I get the errors

Notice: Undefined index: name in C:\Program Files\EasyPHP-5.3.9\www\Authentication1\update1_ac.php on line 9

Notice: Undefined index: surname in C:\Program Files\EasyPHP-5.3.9\www\Authentication1\update1_ac.php on line 10

Notice: Undefined index: contact_number in C:\Program Files\EasyPHP-5.3.9\www\Authentication1\update1_ac.php on line 11

Notice: Undefined index: email in C:\Program Files\EasyPHP-5.3.9\www\Authentication1\update1_ac.php on line 12

Notice: Undefined index: position in C:\Program Files\EasyPHP-5.3.9\www\Authentication1\update1_ac.php on line 13

Notice: Undefined index: user_name in C:\Program Files\EasyPHP-5.3.9\www\Authentication1\update1_ac.php on line 14

Notice: Undefined index: password in C:\Program Files\EasyPHP-5.3.9\www\Authentication1\update1_ac.php on line 15
Successful
View result

I can’t see what the problem is

//the first code list.php
    
    <font color="green"><h1 align="center">List of player in AB Sports Database</h1></font>
    
    <?php
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="administrator"; // Database name 
    $tbl_name="players"; // Table name 
    
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $sql="SELECT * FROM $tbl_name";
    $result=mysql_query($sql);
    ?>
    
    <table width="400" border="0" cellspacing="1" cellpadding="0">
    <tr>
    <td>
    <table width="400" border="1" cellspacing="0" cellpadding="3">
    <tr>
    <td colspan="4"><strong>List data from mysql </strong> </td>
    </tr>
    
    <tr>
    <td align="center"><strong>Name</strong></td>
    <td align="center"><strong>Surname</strong></td>
    <td align="center"><strong>Contact_Number</strong></td>
    <td align="center"><strong>Email</strong></td>
    <td align="center"><strong>Position</strong></td>
    <td align="center"><strong>User_Name</strong></td>
    <td align="center"><strong>Password</strong></td>
    <td colspan='2'><strong>Action</strong></td>
    
    </tr>
    
    <?php
    while($rows=mysql_fetch_array($result)){
    ?>
    
    <tr>
    <td><?php echo $rows['name']; ?></td>
    <td><?php echo $rows['surname']; ?></td>
    <td><?php echo $rows['contact_number']; ?></td>
    <td><?php echo $rows['email']; ?></td>
    <td><?php echo $rows['position']; ?></td>
    <td><?php echo $rows['user_name']; ?></td>
    <td><?php echo $rows['password']; ?></td>
     
    <td align="center"><a href="update_player2.php?player_id=<?php echo $rows['player_id']; ?>">Edit Player</a></td>
    <td align="center"><a href="delete_player_form.php?player_id=<?php echo $row['player_id'];?>">Delete Player</a> </td>";
    </tr>
    
    <?php
    }
    ?>
    
    </table>
    </td>
    </tr>
    </table>
    
    <?php
    mysql_close();
    ?>
    
    
    
    
    //the second code update_player2.php
    
    <?php
    error_reporting(0);
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="administrator"; // Database name 
    $tbl_name="players"; // Table name
    
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    // get value of id that sent from address bar
    $player_id=$_GET['player_id'];
    
    // Retrieve data from database 
    
    $sql="SELECT * FROM $tbl_name WHERE player_id='$player_id'";
    $result=mysql_query($sql);
    $rows=mysql_fetch_array($result);
    ?>
    
    <table width="500" border="0" cellspacing="1" cellpadding="0">
    <tr>
    <form name="form1" method="post" action="update1_ac.php">
    <td>
    <table width="100%" border="0" cellspacing="1" cellpadding="0">
    <tr>
    <td>&nbsp;</td>
    <td colspan="7"><strong>Update data in mysql</strong> </td>
    </tr>
    <tr>
    <td align="center">&nbsp;</td>
    <td align="center">&nbsp;</td>
    <td align="center">&nbsp;</td>
    <td align="center">&nbsp;</td>
    </tr>
    <tr>
    <td align="center">&nbsp;</td>
    
    <td align="center"><strong>Name</strong></td>
    <td align="center"><strong>Surname</strong></td>
    <td align="center"><strong>Contact_Number</strong></td>
    <td align="center"><strong>Email</strong></td>
    <td align="center"><strong>Position</strong></td>
    <td align="center"><strong>User_Name</strong></td>
    <td align="center"><strong>Password</strong></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td align="center">
    <input name="Name" type="text" id="name" value="<?php echo $rows['name']; ?>" size="15">
    </td>
    <td align="center">
    <input name="Surname" type="text" id="surname" value="<?php echo $rows['surname']; ?>" size="15">
    </td>
    <td>
    <input name="Contact_Number" type="text" id="number" value="<?php echo $rows['contact_number']; ?>" size="15">
    </td>
    <td>
    <input name="Email" type="text" id="email" value="<?php echo $rows['email']; ?>" size="15">
    </td>
    <td>
    <input name="Position" type="text" id="position" value="<?php echo $rows['position']; ?>" size="15">
    </td>
    <td>
    <input name="User_Name" type="text" id="user_name" value="<?php echo $rows['user_name']; ?>" size="15">
    </td>
    <td>
    <input name="Password" type="text" id="password" value="<?php echo $rows['password']; ?>" size="15">
    </td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>
    <input name="player_id" type="hidden" id="player_id" value="<?php echo $rows['player_id']; ?>">
    </td>
    <td align="center">
    <input type="submit" name="Submit" value="Submit">
    </td>
    <td>&nbsp;</td>
    </tr>
    </table>
    </td>
    </form>
    </tr>
    </table>
    
    <?php
    // close connection 
    mysql_close();
    ?>
    
    
    
    
    //the last code update_ac.php
    
    <?php
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="administrator"; // Database name 
    $tbl_name="players"; // Table name 
    
    $id=$_POST['player_id'];
    $Name=$_POST['name'];
    $Surname=$_POST['surname'];
    $Contact=$_POST['contact_number'];
    $Email=$_POST['email'];
    $Position=$_POST['position'];
    $User_Name=$_POST['user_name'];
    $Password=$_POST['password'];
    
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    // update data in mysql database 
    $sql="UPDATE $tbl_name SET name='$Name', surname='$Surname', contact_number='$Contact', email='$Email', position='$Position', user_name='$User_Name', password='$Password' WHERE player_id='$id'";
    $result=mysql_query($sql);
    
    // if successfully updated. 
    if($result){
    echo "Successful";
    echo "<BR>";
    echo "<a href='list2_player.php'>View result</a>";
    }
    
    else {
    echo "ERROR can not update data";
    }
    
    ?>

SpacePhoenix · October 10, 2013, 6:27am

It means that the form fields had no content in them. The code as posted is very wide open to SQL Injection attacks

Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.

Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.