Tech Support Guy banner
Status
Not open for further replies.
1 - 9 of 9 Posts

·
Registered
Joined
·
774 Posts
Discussion Starter · #1 ·
Hi All and merry xmas

I am trying to create an online address book and get an error all the the time saying "undefined index master_name line 74"

this is the addentry code

Here is the code sorry its so long
<?php

if ((!$_POST) || (isset($_GET["master_id"])))

{

//havent seen the form so show it
$display_block = "
";

if (isset($GET["master_id"])){
$mysqli = mysqli_connect("localhost","rachael","phoenix","address");

//get first, last names for display/tests validity

$get_names_sql = "SELECT concat_ws('',f_name, l_name) AS display_name FROM master_name WHERE
id = '".$GET["master_id"]."'";
$get_names_res = mysqli_query($mysqli,$get_names_sql)
or die (mysqli_error($mysqli));

if (mysqli_num_rows($get_names_res) == 1){

while($name_info = mysqli_fetch_array($get_names_res)){
$display_name = stripslashes($name_info["display_name"]);
}
}

}

if(isset($display_name)){
$display_block .= "

Adding Information for
$display_name)

";

}else {
$display_block .="

First/Last Names:

";

}

$display_block .= "

Address:

City/County/Postcode

p>Address Type:
Home
Work
Other

Telephone Number:

Home
Work
Other

Fax Number:

Home
Work
Other

Email Address:

Home
Work
Other

Personal Note:

//ERROR HERE

";

}else if ($_POST){
if ((($_POST["f_name"] == "") || ($_POST["l_name"]== ""))&& (!isset($_POST["master_id"]))){
header("location:addentry.php");
exit;
}

//connect to database

$mysqli = mysqli_connect("localhost"," rachael","phoenix", "address");

if ($_POST["master_id"]){
//add to master
$add_master_sql = "INSERT ITO master_name (date_added,date_modified, f_name,l_name) VALUES
(now() now(), '".$_POST["f_name"]."',
'".$_POST["l_name"]."')";

$add_master_res = mysqli_query($mysqli,$add_master_sql)
or die (mysqli_error($mysqli));

//get master id for use with other tables
$master_id = mysqli_insert_id($mysqli);
}else{
$master_id = $_POST["master_id"];
}

if (($_POST["address"])|| ($_POST["city"])|| ($_POST["county"])|| ($_POST["post_code"])){
//something relevant, add address table
$add_address_sql = "INSERT INTO address(master_id, date_added, date_modified, address, city, county, post_code, type) VALUES ('".$master_id."', now(), now(),'".$_POST["address"]."', '".$_POST["city"]."','".$_POST["county"]."','".$_POST["post_code"]."', '".$_POST["add_type"]."')";

$add_address_res = mysqli_query($mysqli,$add_address_sql) or die(mysqli_error($mysqli));
}
if ($_POST["tel_num"]) {
//something relevant so add to telephone table
$add_tel_sql = "INSERT INTO telephone(master_id, date_added, date_modified, tel_num, type) VALUES ('".$master_id."', now(), now(),'".$_POST["tel_num"]."', '".$_POST["tel_type"]."')";

$add_tel_res = mysqli_query($mysqli,$add_tel_sql) or die(mysqli_error($mysqli));
}

if ($_POST["fax_num"]){
//something relevant so add to fax table
$add_fax_sql = "INSERT INTO fax(master_id, date_added, date_modified, fax_num, type) VALUES ('".$master_id."', now(), now(),'".$_POST["fax_num"]."', '".$_POST["fax_type"]."')";

$add_fax_res = mysqli_query($mysqli,$add_fax_sql) or die(mysqli_error($mysqli));
}

if ($_POST["email"]) {
//something relevant so add to email table
$add_email_sql = "INSERT INTO email(master_id, date_added, date_modified, email, type) VALUES ('".$master_id."', now(), now(),'".$_POST["email"]."', '".$_POST["email_type"]."')";

$add_email_res = mysqli_query($mysqli,$add_email_sql) or die(mysqli_error($mysqli));
}
if ($_POST["note"]){
//something relevant so add to the personal note table
$add_notes_sql = "UPDATE personal_notes( set note = '".$_POST["note"]."' WHERE master_id = '".$_master_id."'";
$add_notes_res = mysqli_query($mysqli,$add_notes_sql) or die(mysqli_error($mysqli));
}
mysqli_close($mysqli);
$display_block = "

Your New Entry Has Been Added!. Would You Like To Add Another?

";
}

?>

Add An Entry


Add An Entry
<?php echo $display_block; ?>

I have done most of it from a book so cant see why the erro

I highlighted the offending line in red

Cheers

Gus
 

·
Registered
Joined
·
3,625 Posts
PHP:
<?php

			if ((!$_POST) || (isset($_GET["master_id"])))

			{

				//havent seen the form so show it
			$display_block = "
			";

			if (isset($GET["master_id"])){
				$mysqli = mysqli_connect("localhost","rachael","phoenix","address");

				//get first, last names for display/tests validity

				$get_names_sql = "SELECT concat_ws('',f_name, l_name) AS display_name FROM master_name WHERE
									id = '".$GET["master_id"]."'";
				$get_names_res = mysqli_query($mysqli,$get_names_sql)
							or die (mysqli_error($mysqli));

			if (mysqli_num_rows($get_names_res) == 1){

				while($name_info = mysqli_fetch_array($get_names_res)){
					$display_name = stripslashes($name_info["display_name"]);
				}
			}

		}

			if(isset($display_name)){
				$display_block .= "

Adding Information for 
				[B]$display_name)[/B]

";

			}else {
				$display_block .="

[B]First/Last Names:[/B]

				";

			}

			$display_block .= "

[B]Address:[/B]

[B]City/County/Postcode[/B]

			p>[B]Address Type:[/B]
			Home
            Work
	        Other

[B]Telephone Number:[/B]

		   Home
           Work
		   Other

[B]Fax Number:[/B]

			Home
            Work
			Other

[B]Email Address:[/B]

			Home
            Work
			Other

[B]Personal Note:[/B]

             //[B]ERROR HERE[/B]

			";

		}else if ($_POST){
				if ((($_POST["f_name"] == "") || ($_POST["l_name"]== ""))&& (!isset($_POST["master_id"]))){
					header("location:addentry.php");
					exit;
				}

		//connect to database

		$mysqli = mysqli_connect("localhost"," rachael","phoenix", "address");

		if ($_POST["master_id"]){
			//add to master
			$add_master_sql = "INSERT ITO master_name (date_added,date_modified, f_name,l_name) VALUES
			(now() now(), '".$_POST["f_name"]."',
			'".$_POST["l_name"]."')";

			$add_master_res = mysqli_query($mysqli,$add_master_sql)
					or die (mysqli_error($mysqli));

			//get master id for use with other tables
			$master_id = mysqli_insert_id($mysqli);
		}else{
			$master_id = $_POST["master_id"];
		}

		if (($_POST["address"])|| ($_POST["city"])|| ($_POST["county"])|| ($_POST["post_code"])){
			//something relevant, add address table
	$add_address_sql = "INSERT INTO address(master_id, date_added, date_modified, address, city, county, post_code, type) VALUES ('".$master_id."', now(), now(),'".$_POST["address"]."', '".$_POST["city"]."','".$_POST["county"]."','".$_POST["post_code"]."', '".$_POST["add_type"]."')";

	$add_address_res = mysqli_query($mysqli,$add_address_sql) or die(mysqli_error($mysqli)); 
		}
		if ($_POST["tel_num"]) {
			//something relevant so add to telephone table
			 $add_tel_sql = "INSERT INTO telephone(master_id, date_added, date_modified, tel_num, type) VALUES ('".$master_id."', now(), now(),'".$_POST["tel_num"]."', '".$_POST["tel_type"]."')";

   $add_tel_res = mysqli_query($mysqli,$add_tel_sql) or die(mysqli_error($mysqli)); 
		}

		if ($_POST["fax_num"]){
			//something relevant so add to fax table
			 $add_fax_sql = "INSERT INTO fax(master_id, date_added, date_modified, fax_num, type) VALUES ('".$master_id."', now(), now(),'".$_POST["fax_num"]."', '".$_POST["fax_type"]."')";

	$add_fax_res = mysqli_query($mysqli,$add_fax_sql) or die(mysqli_error($mysqli)); 
		}

		if ($_POST["email"]) {
			//something relevant so add to email table
			$add_email_sql = "INSERT INTO email(master_id, date_added, date_modified, email, type) VALUES ('".$master_id."', now(), now(),'".$_POST["email"]."', '".$_POST["email_type"]."')";

	$add_email_res = mysqli_query($mysqli,$add_email_sql) or die(mysqli_error($mysqli)); 
		}
		if ($_POST["note"]){
			//something relevant so add to the personal note table
			$add_notes_sql = "UPDATE personal_notes( set note = '".$_POST["note"]."' WHERE master_id = '".$_master_id."'";	
	$add_notes_res = mysqli_query($mysqli,$add_notes_sql) or die(mysqli_error($mysqli)); 
		}
		mysqli_close($mysqli);
	$display_block = "

Your New Entry Has Been Added!. Would You Like To [URL]Add Another[/URL]?

";
	}

?>

	Add An Entry

	[CENTER]
[B][SIZE=15]Add An Entry[/SIZE][/B]
[/CENTER]
	<?php echo $display_block; ?>
 

·
Registered
Joined
·
14,681 Posts
There are so many security holes in that I would just scrap it and rewrite it. User input needs to be run through mysqli_real_escape_string() before passing it to the database, and the fields also need to be escaped before you echo them. There are also typos, like ITO instead of INTO in the query.

Michael Wright - that would just add an error. Double quotes are only escaped within double quoted strings.
 
1 - 9 of 9 Posts
Status
Not open for further replies.
Top