Undefine variable?

Brucieee · October 7, 2019, 10:34pm

Why does undefine variable show?
Heres the notice:
** Notice : Undefined variable: fname in C:\xampp\htdocs\meian\shop.php on line 91

Notice : Undefined variable: lname in C:\xampp\htdocs\meian\shop.php on line 91

Notice : Undefined variable: address in C:\xampp\htdocs\meian\shop.php on line 91

Notice : Undefined variable: city in C:\xampp\htdocs\meian\shop.php on line 91

Notice : Undefined variable: zip in C:\xampp\htdocs\meian\shop.php on line 91

Notice : Undefined variable: phone in C:\xampp\htdocs\meian\shop.php on line 91

Notice : Undefined variable: email in C:\xampp\htdocs\meian\shop.php on line 91**

This is my code:

if(isset($_POST['submit'])) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$address = $_POST['address'];
$city = $_POST['city'];
$zip = $_POST['zip'];
$phone = $_POST['phone'];
$email = $_POST['email'];

$query = mysqli_query($connect, $sql);

 echo"Your message has been sent! <br>";
 }


$sql = "INSERT INTO delivery(id,fname,lname,address,city,zip,phone,email)
VALUES('','$fname','$lname','$address','$city','$zip','$phone','$email')";
?>

Frosty · October 7, 2019, 10:49pm

Declare your variables outside of the ‘if’ statement before you assign them.

$fname = null;
$lname = null;
$address = null;
$city = null;
$zip = null;
$phone = null;
$email = null;

Brucieee · October 7, 2019, 11:00pm

i want these data to insert into database when i click submit wont that affect it?

Brucieee · October 7, 2019, 11:02pm

i want these data to insert into database, wont removing them from

if(isset($_POST['submit'])){}

wont that make the data not go into database?

Frosty · October 7, 2019, 11:05pm

No, you declare the variables outside of the code using them. When you press submit, it will set the values of the variables to the ones you defined in your if statement.

    <?php
    $fname = null;
    $lname = null;
    $address = null;
    $city = null;
    $zip = null;
    $phone = null;
    $email = null;

    if(isset($_POST['submit'])) {
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $address = $_POST['address'];
    $city = $_POST['city'];
    $zip = $_POST['zip'];
    $phone = $_POST['phone'];
    $email = $_POST['email'];

    $query = mysqli_query($connect, $sql);

     echo"Your message has been sent! <br>";
     }


    $sql = "INSERT INTO delivery(id,fname,lname,address,city,zip,phone,email)
    VALUES('','$fname','$lname','$address','$city','$zip','$phone','$email')";
    ?>

benanamen · October 7, 2019, 11:18pm

Depending on the name of a button to be submitted will completely fail in certain cases. You need to check the REQUEST METHOD
Do not create variables for nothing
You need to use Prepared Statements. NEVER EVER put variables in a query.
I would recommend you use PDO

Frosty · October 7, 2019, 11:24pm

Like @benanamen said, don’t use variables in a query. You can use special tokens for that(parameters).

// It is possible to insert $_POST['fname'] directly into 
// your $query string; however doing so is very insecure and opens your 
// code up to SQL injection exploits.  Using tokens prevents this. 
// For more information on SQL injections, see Wikipedia: 
// http://en.wikipedia.org/wiki/SQL_Injection

$query_params = array
( 
        ':fname' => $_POST['fname'] 
);  

 // We are using special tokens (technically called parameters) to 
// protect against SQL injection attacks.

$query = 
" INSERT INTO delivery ( 
            fname
        ) VALUES ( 
            :fname
        ) ";

Brucieee · October 7, 2019, 11:32pm

should i remove

$fname = null['fname'];
$lname = null['lname'];
$address = null['address'];
$city = null['city'];
$zip = null['zip'];
$phone = null['phone'];
$email = null['email'];
$total = null['total'];

and

if(isset($_POST['send'])) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$address = $_POST['address'];
$city = $_POST['city'];
$zip = $_POST['zip'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$total = $_POST['total'];
echo"Your message has been sent! <br>";
 }

Frosty · October 7, 2019, 11:44pm

$fname = null;
$lname = null;
$address = null;
$city = null;
$zip = null;
$phone = null;
$email = null;
$total = null;

if(isset($_POST['submit'])) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$address = $_POST['address'];
$city = $_POST['city'];
$zip = $_POST['zip'];
$phone = $_POST['phone'];
$email = $_POST['email'];

$query_params = array( 
':fname' => $_POST['fname'],
':lname' => $_POST['lname'],
':address' => $_POST['address'],
':city' => $_POST['city'],
':zip' => $_POST['zip'],
':phone' => $_POST['phone'],
':email' => $_POST['email'],
':total' => $_POST['total']
        );

$query = mysqli_query($connect, $sql);

 echo"Your message has been sent! <br>";
 }


$sql = "INSERT INTO delivery(id,fname,lname,address,city,zip,phone,email)
VALUES('',':fname',':lname',':address',':city',':zip',':phone',':email')";

try 
{ 
$stmt = $con->prepare($sql); 
$result = $stmt->execute($query_params); 
}
?>

I’ve done most of it for you. It’s up to you to prepare and execute using the parameters.
prepare($query);
execute($query_params);

Brucieee · October 7, 2019, 11:47pm

Thanks a bunch! but its showing me a parse error when i pasted it
** Parse error : syntax error, unexpected ‘’:lname’’ (T_CONSTANT_ENCAPSED_STRING), expecting ‘)’ in C:\xampp\htdocs\meian\shop.php on line 95**

Frosty · October 8, 2019, 12:02am

I’ve updated my post once more. Added prepare and execute

Brucieee · October 8, 2019, 12:02am

Oh sorry just saw it
now it gave me a fatal error
** Fatal error : Cannot use try without catch or finally in C:\xampp\htdocs\meian\shop.php on line 114**

Frosty · October 8, 2019, 12:05am

I added it to my post.

Frosty · October 8, 2019, 12:08am

Sorry, I forgot the catch statement.

*Note: On a production website, you should not output $ex->getMessage().
It may provide an attacker with helpful information about your code.

After the closing bracket for ‘try’, add this

catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}

Frosty · October 8, 2019, 12:14am

It is also possible to remove try-catch entirely.

try 
{ 
$stmt = $con->prepare($sql); 
$result = $stmt->execute($query_params); 
}

catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}

Changes To:

$stmt = $con->prepare($sql); 
$result = $stmt->execute($query_params);

Brucieee · October 8, 2019, 12:17am

I see, but now its stating that query_params in an undefined variable and mysqli_stmt::execute expects to be at 0 parameters
should i remove $query_params?

also after i inserted $stmt = $connect->prepare($sql); $result = $stmt->execute($query_params);
It gave me this ** Warning : mysqli_fetch_assoc() expects parameter 1 to be mysqli_result**

and all my products are gone

calgeorge · October 12, 2019, 7:47pm

There are dozens of ways to code this. I believe the OP was wanting help in determining why his code wasn’t working.
As a suggestion to debugging this problem, try putting
echo $sql; die();
before you execute the query. This will show you which variable is undefined and you can use that information to modify your code to catch this situation.

tp45 · October 13, 2019, 2:09am

I think they are undefined because they don’t have values make sure they have values;

phdr · October 13, 2019, 2:17am

The OP has since moved on to other threads for this. The reason the variables were undefined is because where they were being used, in the sql query statement, was outside of and after the form processing code. The correct solution was to move the sql query statement to be inside of and in the correct location in the form processing code.