Undefined Index Issue

i am doing project in php and mySqll i am getting error like Undefined index: route in C:\wamp\www
ew22\list.php on line 222.
my code is as follows

<?php
$url = $_POST["route"];
$user_name = "root";
    $password = "";
    $database = "locations";
    $server = "127.0.0.1";

$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle) or die(mysql_error);

if ($db_found) {

$SQL = "select * from notes where route='$url'";
$result = mysql_query($SQL) or die(mysql_error);
echo "<table border=1>";
echo "<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Name</td>
<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ADDRESS</td><td>ROUTE</td></tr>";

while ($db_field = mysql_fetch_assoc($result)) {
echo "<tr>";
echo "<td>".$db_field['name'] . "</td>";
echo "<td>".$db_field['address'] . "</td>";
echo "<td>".$db_field['route'] . "</td>";
echo "</tr>";
}

echo "</table>";
mysql_close($db_handle);

}
else {

print "Database NOT Found ";
mysql_close($db_handle);
}



?> 
</td></tr>	
		
</table>

	</div>

please tell me how i can resolve this problem.
thanku

Since you’ve only provided 46 lines of code it will be difficult to be precise, but I would suggest that you look at line 222 of list.php

What I expect that you’ll find is that something like your line 2 above ($url = $_POST[“route”]:wink: will be referring to a value that is missing. Basically, if $_POST[“route”] is not set, then you will get that error. You should really change that line to put in a default action when it’s not sent. For example:

$url = isset($_POST['route']) ? $_POST['route'] : 'default';

This means that if $_POST[‘route’] is not set, that it will fall back to ‘default’, which you can then handle further on

On a related note, you really didn’t ought to allow data to be passed via $_POST and then inject it straight into a MySQL query. It allows what is called an “SQL Injection Attack”. It’s much better to do something like this:

switch (@$_POST["route"]){
    case 'route1':
        $url = 'this/url';
        break;
    case 'route2':
        $url = 'that/url';
        break;
    case 'route3':
        $url = 'this/other/url';
        break;
    default:
        $url = 'index/url';
}
$SQL = "select * from notes where route='$url'"

What we’re doing differently here is hard coding the URLs in. No matter what you post in “route” you can never interfere with the SQL that you generate. You know for sure that one of three options will be selected because the correct information has been provided, or else the default value will be selected. There is no way to attack this. Also note that I changed $_POST[“route”] by adding an @ at the front? That will suppress the error you get when $_POST[‘route’] isn’t already set, so this will still work

In any case the OP needs to migrate away from the mysql_* extension as it’s depreceated as of the current version of PHP, they should be now using either the mysqli_* extension or PDO, either of which enable the use of prepared statements

Agreed :slight_smile:

BTW, the original MySQL library is deprecated as of PHP 5.5, not 5.4. Although I do agree that we should be moving on to MySQLi or PDO by now, and that not properly escaping/preparing statements is bad, the rush to switch from the original MySQL functions isn’t quite as urgent

‘Undefined index’ is actually a notice, not an error. You can use isset(), as suggested. You can also suppress these warnings with:

error_reporting(E_ALL ^ E_NOTICE);

at the top of your file.

Personally I would discourage suppressing like that because I feel that with notices enabled that you are encouraged to a) code better and b) if you do need to suppress individually with @$var then at least you are aware and it’s all deliberate. Doesn’t take away from the fact that you CAN do it, I just don’t recommend it. Feels… lazy :slight_smile:

Agreed - it is a lazy solution, but usable for non-critical stuff.

I’ve seen these notices being returned for such things as not enclosing an array index in single quotes, e.g. array[index] instead of array[‘index’]. I think the quotes are mandatory as of php 5.4

Yeah, I used to make that mistake occasionally with arrays many years back when I first had to work on a site where warnings were shown. Soon got out of that habit and I think I’m a better developer for it :slight_smile: