# Undefined Index



## GUSMAN (Dec 19, 2001)

Hi All and merry xmas

I am trying to create an online address book and get an error all the the time saying "undefined index master_name line 74"

this is the addentry code

Here is the code sorry its so long
<?php

if ((!$_POST) || (isset($_GET["master_id"])))

{

//havent seen the form so show it
$display_block = "
";

if (isset($GET["master_id"])){
$mysqli = mysqli_connect("localhost","rachael","phoenix","address");

//get first, last names for display/tests validity

$get_names_sql = "SELECT concat_ws('',f_name, l_name) AS display_name FROM master_name WHERE
id = '".$GET["master_id"]."'";
$get_names_res = mysqli_query($mysqli,$get_names_sql)
or die (mysqli_error($mysqli));

if (mysqli_num_rows($get_names_res) == 1){

while($name_info = mysqli_fetch_array($get_names_res)){
$display_name = stripslashes($name_info["display_name"]);
}
}

}

if(isset($display_name)){
$display_block .= "

Adding Information for 
*$display_name)*

";

}else {
$display_block .="

*First/Last Names:*

";

}

$display_block .= "

*Address:*

*City/County/Postcode*

p>*Address Type:*
Home
Work
Other

*Telephone Number:*

Home
Work
Other

*Fax Number:*

Home
Work
Other

*Email Address:*

Home
Work
Other

*Personal Note:*

//*ERROR HERE*

";

}else if ($_POST){
if ((($_POST["f_name"] == "") || ($_POST["l_name"]== ""))&& (!isset($_POST["master_id"]))){
header("location:addentry.php");
exit;
}

//connect to database

$mysqli = mysqli_connect("localhost"," rachael","phoenix", "address");

if ($_POST["master_id"]){
//add to master
$add_master_sql = "INSERT ITO master_name (date_added,date_modified, f_name,l_name) VALUES
(now() now(), '".$_POST["f_name"]."',
'".$_POST["l_name"]."')";

$add_master_res = mysqli_query($mysqli,$add_master_sql)
or die (mysqli_error($mysqli));

//get master id for use with other tables
$master_id = mysqli_insert_id($mysqli);
}else{
$master_id = $_POST["master_id"];
}

if (($_POST["address"])|| ($_POST["city"])|| ($_POST["county"])|| ($_POST["post_code"])){
//something relevant, add address table
$add_address_sql = "INSERT INTO address(master_id, date_added, date_modified, address, city, county, post_code, type) VALUES ('".$master_id."', now(), now(),'".$_POST["address"]."', '".$_POST["city"]."','".$_POST["county"]."','".$_POST["post_code"]."', '".$_POST["add_type"]."')";

$add_address_res = mysqli_query($mysqli,$add_address_sql) or die(mysqli_error($mysqli)); 
}
if ($_POST["tel_num"]) {
//something relevant so add to telephone table
$add_tel_sql = "INSERT INTO telephone(master_id, date_added, date_modified, tel_num, type) VALUES ('".$master_id."', now(), now(),'".$_POST["tel_num"]."', '".$_POST["tel_type"]."')";

$add_tel_res = mysqli_query($mysqli,$add_tel_sql) or die(mysqli_error($mysqli)); 
}

if ($_POST["fax_num"]){
//something relevant so add to fax table
$add_fax_sql = "INSERT INTO fax(master_id, date_added, date_modified, fax_num, type) VALUES ('".$master_id."', now(), now(),'".$_POST["fax_num"]."', '".$_POST["fax_type"]."')";

$add_fax_res = mysqli_query($mysqli,$add_fax_sql) or die(mysqli_error($mysqli)); 
}

if ($_POST["email"]) {
//something relevant so add to email table
$add_email_sql = "INSERT INTO email(master_id, date_added, date_modified, email, type) VALUES ('".$master_id."', now(), now(),'".$_POST["email"]."', '".$_POST["email_type"]."')";

$add_email_res = mysqli_query($mysqli,$add_email_sql) or die(mysqli_error($mysqli)); 
}
if ($_POST["note"]){
//something relevant so add to the personal note table
$add_notes_sql = "UPDATE personal_notes( set note = '".$_POST["note"]."' WHERE master_id = '".$_master_id."'";	
$add_notes_res = mysqli_query($mysqli,$add_notes_sql) or die(mysqli_error($mysqli)); 
}
mysqli_close($mysqli);
$display_block = "

Your New Entry Has Been Added!. Would You Like To Add Another?

";
}

?>

Add An Entry


*Add An Entry*​ <?php echo $display_block; ?>

I have done most of it from a book so cant see why the erro

I highlighted the offending line in red

Cheers

Gus


----------



## MMJ (Oct 15, 2006)

Can you put it in [php*] tags?


----------



## GUSMAN (Dec 19, 2001)

sorry im not quite sure what you mean?

Cheers

Gus


----------



## MMJ (Oct 15, 2006)

```
<?php

			if ((!$_POST) || (isset($_GET["master_id"])))

			{

				//havent seen the form so show it
			$display_block = "
			";

			if (isset($GET["master_id"])){
				$mysqli = mysqli_connect("localhost","rachael","phoenix","address");

				//get first, last names for display/tests validity

				$get_names_sql = "SELECT concat_ws('',f_name, l_name) AS display_name FROM master_name WHERE
									id = '".$GET["master_id"]."'";
				$get_names_res = mysqli_query($mysqli,$get_names_sql)
							or die (mysqli_error($mysqli));

			if (mysqli_num_rows($get_names_res) == 1){

				while($name_info = mysqli_fetch_array($get_names_res)){
					$display_name = stripslashes($name_info["display_name"]);
				}
			}

		}

			if(isset($display_name)){
				$display_block .= "

Adding Information for 
				[B]$display_name)[/B]

";

			}else {
				$display_block .="

[B]First/Last Names:[/B]

				";

			}

			$display_block .= "

[B]Address:[/B]

[B]City/County/Postcode[/B]

			p>[B]Address Type:[/B]
			Home
            Work
	        Other

[B]Telephone Number:[/B]

		   Home
           Work
		   Other

[B]Fax Number:[/B]

			Home
            Work
			Other

[B]Email Address:[/B]

			Home
            Work
			Other

[B]Personal Note:[/B]

             //[B]ERROR HERE[/B]

			";

		}else if ($_POST){
				if ((($_POST["f_name"] == "") || ($_POST["l_name"]== ""))&& (!isset($_POST["master_id"]))){
					header("location:addentry.php");
					exit;
				}

		//connect to database

		$mysqli = mysqli_connect("localhost"," rachael","phoenix", "address");

		if ($_POST["master_id"]){
			//add to master
			$add_master_sql = "INSERT ITO master_name (date_added,date_modified, f_name,l_name) VALUES
			(now() now(), '".$_POST["f_name"]."',
			'".$_POST["l_name"]."')";

			$add_master_res = mysqli_query($mysqli,$add_master_sql)
					or die (mysqli_error($mysqli));

			//get master id for use with other tables
			$master_id = mysqli_insert_id($mysqli);
		}else{
			$master_id = $_POST["master_id"];
		}

		if (($_POST["address"])|| ($_POST["city"])|| ($_POST["county"])|| ($_POST["post_code"])){
			//something relevant, add address table
	$add_address_sql = "INSERT INTO address(master_id, date_added, date_modified, address, city, county, post_code, type) VALUES ('".$master_id."', now(), now(),'".$_POST["address"]."', '".$_POST["city"]."','".$_POST["county"]."','".$_POST["post_code"]."', '".$_POST["add_type"]."')";

	$add_address_res = mysqli_query($mysqli,$add_address_sql) or die(mysqli_error($mysqli)); 
		}
		if ($_POST["tel_num"]) {
			//something relevant so add to telephone table
			 $add_tel_sql = "INSERT INTO telephone(master_id, date_added, date_modified, tel_num, type) VALUES ('".$master_id."', now(), now(),'".$_POST["tel_num"]."', '".$_POST["tel_type"]."')";

   $add_tel_res = mysqli_query($mysqli,$add_tel_sql) or die(mysqli_error($mysqli)); 
		}

		if ($_POST["fax_num"]){
			//something relevant so add to fax table
			 $add_fax_sql = "INSERT INTO fax(master_id, date_added, date_modified, fax_num, type) VALUES ('".$master_id."', now(), now(),'".$_POST["fax_num"]."', '".$_POST["fax_type"]."')";

	$add_fax_res = mysqli_query($mysqli,$add_fax_sql) or die(mysqli_error($mysqli)); 
		}

		if ($_POST["email"]) {
			//something relevant so add to email table
			$add_email_sql = "INSERT INTO email(master_id, date_added, date_modified, email, type) VALUES ('".$master_id."', now(), now(),'".$_POST["email"]."', '".$_POST["email_type"]."')";

	$add_email_res = mysqli_query($mysqli,$add_email_sql) or die(mysqli_error($mysqli)); 
		}
		if ($_POST["note"]){
			//something relevant so add to the personal note table
			$add_notes_sql = "UPDATE personal_notes( set note = '".$_POST["note"]."' WHERE master_id = '".$_master_id."'";	
	$add_notes_res = mysqli_query($mysqli,$add_notes_sql) or die(mysqli_error($mysqli)); 
		}
		mysqli_close($mysqli);
	$display_block = "

Your New Entry Has Been Added!. Would You Like To [URL]Add Another[/URL]?

";
	}

?>

	Add An Entry

	[CENTER]
[B][SIZE=15]Add An Entry[/SIZE][/B]
[/CENTER]
	<?php echo $display_block; ?>
```


----------



## GUSMAN (Dec 19, 2001)

it just looks the same as mine?
Gus


----------



## MMJ (Oct 15, 2006)

Except its highlighted


----------



## Michael Wright (Dec 25, 2006)

replace:
//ERROR HERE

";

with:
//ERROR HERE

";

I cannto guarantee that it will work but that is all that I can see with the code...


----------



## brendandonhu (Jul 8, 2002)

There are so many security holes in that I would just scrap it and rewrite it. User input needs to be run through mysqli_real_escape_string() before passing it to the database, and the fields also need to be escaped before you echo them. There are also typos, like ITO instead of INTO in the query.

Michael Wright - that would just add an error. Double quotes are only escaped within double quoted strings.


----------



## GUSMAN (Dec 19, 2001)

its only going to be run on a local host in wamp just to demonstrate it.

I will try the suggestions and also sort the typos out

Cheers

Gus


----------

