Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    May 2013
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Need help with this form

    With this code
    PHP Code:
    <?php
    $link 
    mysqli_connect("localhost""root""palhaco""negocios_angola");
    if (!
    $link) {
        die(
    'Could not connect: ' mysqli_connect_error());
    }

    if (
    $_POST) {
      
      
    $cat_parent $_POST['cat_parent'];
      
    $cat_name $_POST['cat_name'];
      
      
    $sql "INSERT INTO categories (cat_parent, cat_name) VALUES ($cat_parent, $cat_name)";

      if (
    mysqli_query($link$sql) === TRUE) {
          echo 
    "Table myCity successfully created.\n";
      }
    } else {
    ?>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
      <head>
      <meta http-equiv="content-type" content="text/html; charset=windows-1250">
      <meta name="generator" content="PSPad editor, www.pspad.com">
      <title> Adiciona Categoria</title>
      </head>
      <body>
      <form action="addcat.php" method="post">
      <select name="cat_parent">
      <option>option 1</option>
      <option>option 2</option>
      <option>option 3</option>
      <option>option 4</option>
      </select><br>
      categoria: <input type="text" name="cat_name"><br>
      <input type="submit" value="Submit"> 
     </form> 
      </body>
    </html>
    <?php
    }
    ?>
    It is giving me this error:
    Notice: Undefined index: cat_parent in D:\Web Data\divdev\admin\addcat.php on line 9

    Can please someone help me?

  • #2
    wlf
    wlf is offline
    New Coder
    Join Date
    Aug 2012
    Posts
    61
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Do this.

    1)

    Put

    $link = mysqli_connect("localhost", "root", "palhaco", "negocios_angola");
    if (!$link)
    die('Could not connect: ' . mysqli_connect_error());

    inside

    if($_POST)

    There is no point in connecting if no input has been provided.

    2)

    Omit

    action="addcat.php"

    you are posting to the same page so it's not required.

    3)

    Add quotes

    VALUES ('$cat_parent', '$cat_name')

    You are inserting strings not integers into the database.

    4)

    This script is vulnerable to SQL injection. You should always validate user input.

  • #3
    New Coder
    Join Date
    May 2013
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank You. It is working now.

  • #4
    wlf
    wlf is offline
    New Coder
    Join Date
    Aug 2012
    Posts
    61
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by reisve View Post
    Thank You. It is working now.
    You are welcome!

    Remember that script is vulnerable to SQL injection

    See en.wikipedia.org/wiki/Data_validation

  • #5
    New Coder
    Join Date
    May 2013
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Only the administrator have access to it. To get there, there is a login page.
    But thank you anyway


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •