Ad

Guestbook: Undefined Variable

- 1 answer

so I have a problem with my guestbook, hope you could find my mistake...

this is my form:

<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<link rel="stylesheet" href="styles.css">
<title> - Contact me | USA </title>
</head>
<body>
<form method="post" action="addguestbook.php">
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>Atsiliepimų knyga </strong></td>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form id="form1" name="form1" method="post" action="addguestbook.php">
<td>
<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td width="117">Vardas</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" id="name" size="40" /></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" id="email" size="40" /></td>
</tr>
<tr>
<td valign="top">Komentaras</td>
<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong><a href="viewguestbook.php">View Guestbook</a> </strong></td>
</tr>
</table>
</form>
</body>
</html>

this is the php code for adding the info into MYSQL table:

<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="guestbook"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");

$datetime=date("y-m-d h:i:s"); //date time

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);

if (isset($_POST['submit']))
  {
    $name=$_POST['name'];
 
    $email=$_POST['email'];
 
    $comment=$_POST['comment'];
 
 
 if(!$name || !$comment)
    {
      print "<font color='red'>Name or comment not entered, please go back and sign again</font><br>";
    }
 
   else
    {
 
     $datetime=date("D M d, Y H:i:s");    
     $putinguestbook="INSERT INTO gbook(name, email, comment) VALUES('$name','$email','$comment','$day')";
  $result=mysql_query($putinguestbook);
 
 
 
    }
  }
 
         if($result){
echo "Successful";
echo "<BR>";
echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}
 
else {
echo "ERROR";
}
 
 
mysql_close();
?>

and this is the code for viewing the guestbook:

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>View Guestbook | <a href="guestbook.php">Sign Guestbook</a> </strong></td>
</tr>
</table>
<br>

<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="guestbook"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);
while($rows=mysql_fetch_array($result)){
?>

<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td>ID</td>
<td>:</td>
<td><? echo $rows['id']; ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><? echo $rows['name']; ?></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><? echo $rows['email']; ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><? echo $rows['comment']; ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><? echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>

<?php
}
mysql_close(); //close database
?>

And i get an error, that says:

Notice: Undefined variable: name in D:\wamp\www\addguestbook.php on line 14

Notice: Undefined variable: email in D:\wamp\www\addguestbook.php on line 14

Notice: Undefined variable: comment in D:\wamp\www\addguestbook.php on line 14

And I can't find the right way to correct this... Would be very thankful if you helped me :)

Ad

Answer

Look at this snippet (from your script to add to the database):

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);

if (isset($_POST['submit']))
{
    $name=$_POST['name'];
    $email=$_POST['email'];
    $comment=$_POST['comment'];
    ....
}

As you can see, you're using the variable $name, $email and others in the INSERT query, but only in the if-clause you define them ($name = $_POST['name']). You should either place the INSERT query inside the if clause as well (after the declaration of your variables), or, if it is meant to be there, define the variables.

Most probably this is what you want:

if (isset($_POST['submit']))
{
    $name=$_POST['name'];
    $email=$_POST['email'];
    $comment=$_POST['comment'];

    $sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
    $result=mysql_query($sql);
    ....
}

And ofcourse I have to urge you to read this post about SQL injection, because as it is now, you're script is very unsafe.

Ad
source: stackoverflow.com
Ad