Undefined indices and variables in php

Question

This is a text book problem in which I've followed the exact coding. Yet I keep getting the errors of undefined indices and undefined vairables. I keep going over my code and I think I'm missing the errors from fatigue. Here is the code. Any suggestions. I'm against the clock. Here is the htm file associated with this.

Here are the error message:

 Undefined index: firstname in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 10   PHP Notice: Undefined index: lastname in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on   line 11 PHP Notice: Undefined index: whenithappened in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 12 PHP Notice: Undefined index: howlong in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 13 PHP Notice: Undefined index: howmany in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 14 PHP Notice: Undefined index: aliendescription in  D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 15 PHP Notice: Undefined index: whattheydid in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 16 PHP Notice: Undefined index: fangspotted in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 17 PHP Notice: Undefined index: email in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 18 PHP Notice: Undefined index: other in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 19 PHP Notice: Undefined variable: name in D:\Inetpub\Ciswebs\CIS54\TYSON_SCHWEIDEL\cReport.php on line 33 

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1  /DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <title>Alien Abduction2</title>
 </head>

 <body>
 <?php
 $first_name = $_POST['firstname'];
 $last_name = $_POST['lastname'];
 $when_it_happened = $_POST['whenithappened'];
 $how_long = $_POST['howlong'];
 $how_many = $_POST['howmany'];
 $alien_description = $_POST['aliendescription'];
 $what_they_did = $_POST['whattheydid'];
 $fang_spotted = $_POST['fangspotted'];
 $email = $_POST['email'];
 $other = $_POST['other'];

 $dbc = mysqli_connect('localhost','cis54student','student','cis54')
 or die('Error connecting to MySQL server');
 $query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
"how_many, alien_description, what_they_did, fang_spotted, other, email) " .
"VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
"'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

 $result = mysqli_query($dbc, $query)
 or die('Error querying database.' . mysqul_error());

 mysqli_close($dbc);

 echo "Thanks for submitting the form $name<br />";
 echo "You were abducted '  $when_it_happened<br />";
 echo "And were gone for ' . $how_long <br />";
 echo "Number of aliens: ' . $how_many <br />";
 echo "Describe them: ' . $alien_description <br />";
 echo "The aliens did this:  $what_they_did <br />";
 echo "Was Fang there?  $fang_spotted <br />";
 echo "Other comments: ' . $other <br />";
 echo 'Your email address is ' . $email;


?>
</body>
</html>

Answer 1

Change this alone

<input id="fangspotted" 
       name="fangspotted" 
       type="radio" 
       value="yes" 
       checked="checked" />

No warnings :)

Answer 2

What you really need is to check if there was POST request.

The solution#2 from the above answer makes very little sense.
The ONLY it's purpose is to turn the error message off.
While just gagging errors without any handling will do no good but just make your code messy.

So, you have to check if there was post request.

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //here goes all your code
}

And you will see no error messages.

The only case that really require isset check is checkbox type. All other types always being sent, so there is no need to check for them.

Answer 3

Take a look at where you're submitting to. I changed the form action="report.php" to creport.php and it solved a big chunk of it. Also there is bug in the line

echo "Thanks for submitting the form $name<br />";

as $name is never defined.

Some improvements I could suggest

first off I would suggest looking at http://php.net/manual/en/function.extract.php. It would save a good chunk of code to extract your $_POST.

Add isset tests to make sure variables are set before using them

in this case you can use.

echo (isset($var)?$var:'');

As mentioned before, your code does have some security vulnerabilities, and an additional level of error checking should be done serverside (in case javascript is disabled) and inline javascript is not considered good practice (add an event listener for form submission). Your teacher may not have covered these yet though (or possible may not even know better).

Answer 4

I believe you're getting the notices because when you load the page (when it's not submitted, i.e. by just clicking here), those variables are not defined. You have two solutions.

1. Check for the presence of the submit button in $_POST then act accordingly
2. Change all your variables to test the $_POST array with isset() before using them.

Solution #1:

if( isset( $_POST['submit']))
{
    $first_name = $_POST['firstname'];
    $last_name = $_POST['lastname'];
    $when_it_happened = $_POST['whenithappened'];
    ....
}

Solution #2:

$first_name = isset( $_POST['firstname']) ? $_POST['firstname'] : '';
$last_name = isset( $_POST['lastname']) ? $_POST['lastname'] : '';
...

Also, as mario points out, you misspelled mysql_error as mysqul_error.