Submit form: undefined variable

teera
When I click submit before I click "Create new invoice", the error shows. How can I solve this problem?



Query 'insert into presell (refid ,productcode,ProductName,qutiy ,price,datecreate,timestamp ) select
Notice: Undefined variable: invoiceno in C:\wamp\www\asian\Connections\presalefrom18.php on line 220
, product.ProductId, product.ProductName , if( ProductQuantity < 1, ProductQuantity, 1 ) , product.ProductPrice,Now(),Now() from product where product.ProductId = '1' on duplicate key update qutiy = qutiy + 1 ' failed with error message: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
Notice: Undefined variable: invoiceno in C:\wamp\www\asian\Co' at line 5"

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script src="../SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<script type="text/javascript">
<!--
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
      if (val) { nm=val.name; if ((val=val.value)!="") {
        if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
          if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
        } else if (test!='R') { num = parseFloat(val);
          if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
          if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
            min=test.substring(8,p); max=test.substring(p+1);
            if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
      } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
    } if (errors) alert('The following error(s) occurred:\n'+errors);
    document.MM_returnValue = (errors == '');
} }
//-->
</script>
<link href="../SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
</head>
 
<body>
<table width="322" border="1">
   <tr>
     <td width="4">&nbsp;</td>
     <td width="302"><form id="form2" name="form2" method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
       <label>
         
         <input type="submit" name="startbill" id="start bill" value="create new invoice" />
       </label>
     </form></td>
   </tr>
 </table>
 
  <?php require_once('../Connections/aoldatabase.php'); 
session_start();
 
if (isset($_POST['confirmpresale']))
{
$invoicenocheck  = 	$_POST['invoiceno'] ;
mysql_select_db($database_aoldatabase, $aoldatabase); 
$query21 = "update presell,product 
  set presell.`order` = 'y'
  where presell.refid = '$invoicenocheck'
  and presell.productcode  = product.ProductId
  and product.ProductQuantity > presell.qutiy
  and presell.qutiy > 0";
$query21result  = mysql_query ($query21);
 
$query22 = "update product pr, presell ps
set pr.ProductQuantity =  pr.ProductQuantity - ps.qutiy 
where pr.ProductId = ps.productcode and ps.refid = '$invoicenocheck' ";
$query22result  = mysql_query ($query22);
 
$query23 = "  update presell set presell.stockcut = 'y'
  where presell.refid =  '$invoicenocheck' ";
$query23result  = mysql_query ($query23);
 
 
header("Location: customername.php?" . $invoicenocheck );
 
 
}
 
 if (isset($_POST['startbill']))
             
{
 
 
mysql_select_db($database_aoldatabase, $aoldatabase); 
$query1 = "select max(refid) as maxref from presell";
$maxa = mysql_query ($query1)
    or die ("Query '$query' failed with error message: \"" . mysql_error () . '"');
$row = mysql_fetch_array($maxa);
 
$invoiceno = $row['maxref']+1;
echo "$invoiceno" ;
}
?>
 
 
 
    
 <p>
   <?php require_once('../Connections/aoldatabase.php'); 
 mysql_select_db($database_aoldatabase, $aoldatabase); 
 if (isset($_POST['EnterBottom']))
 
{
$invoiceno = $_POST['invoiceno'];          	
$AccNo = $_POST['Productuserfill'];
$quantity = $_POST['quantity'];
 
 
 
$query = "insert into presell (refid
 ,productcode,ProductName,qutiy
 ,price,datecreate,timestamp
)
select $invoiceno, product.ProductId, product.ProductName
    , if( ProductQuantity < $quantity, ProductQuantity, $quantity )
    , product.ProductPrice,Now(),Now()
from product  
where product.ProductId = '$AccNo'  
on duplicate key update  qutiy = qutiy + $quantity ";
 
 
 
mysql_query ($query)
    or die ("Query '$query' failed with error message: \"" . mysql_error () . '"');
 
 
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }
 
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
 
  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
 
 
$query_slelectPresell = "SELECT presell.refid, presell.productcode, presell.qutiy, presell.price,presell.qutiy*presell.price, presell.productname FROM presell where presell.refid = $invoiceno ORDER BY `presell`.`timestamp` ASC";
$slelectPresell = mysql_query($query_slelectPresell, $aoldatabase) or die(mysql_error());
$row_slelectPresell = mysql_fetch_assoc($slelectPresell);
$totalRows_slelectPresell = mysql_num_rows($slelectPresell);
?>
 </p>
 
 <table width="906" height="121" border="1">
   <tr>
     <td width="80" height="37"></td>
     <td width="136">CODE</td>
     <td width="108">NAME</td>
     <td width="108">Quantity</td>
     <td width="108">Uprice</td>
     <td width="160">Total</td>
     <td width="160">dd</td>
   </tr>
   <?php $totqutiy = 0  ;
   $toPay = 0  ;
   $noorder = 0  ;
 
  
   ?>
   <?php do { ?>
   <tr>
     <?php $totqutiy = $totqutiy+$row_slelectPresell['qutiy']  ;
	 $toPay = $toPay+$row_slelectPresell['presell.qutiy*presell.price']  ;
	 $noorder = $noorder + 1 ;
	 ?>
     <td height="32"><?php echo $noorder ; ?></td>
     <td><?php echo $row_slelectPresell['productcode']; ?></td>
     <td><?php echo $row_slelectPresell['productname']; ?></td>
     <td><?php echo $row_slelectPresell['qutiy']; ?></td>
     <td align="right"><?php echo  number_format($row_slelectPresell['price'], 2, '.', ','); ?></td>
     <td align="right"><?php echo $row_slelectPresell['presell.qutiy*presell.price']; ?></td>
     <td>delete</td>
   </tr>
   <?php } while ($row_slelectPresell = mysql_fetch_assoc($slelectPresell)); ?>
   <tr>
     <td width="80" height="42"></td>
     <td width="136">&nbsp;</td>
     <td width="108">&nbsp;</td>
     <td width="108"><?php echo $totqutiy; ?></td>
     <td width="108">&nbsp; </td>
     <td width="160" align="right"><?php echo $toPay; ?></td>
     <td width="160">&nbsp; </td>
   </tr>
 </table>
 <p>&nbsp; </p>
<p>  </p>
<p>  </p>
<script type="text/javascript">
<!--
var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1", "integer", {validateOn:["blur"]});
//-->
</script>
</body>
</html>
<?php
                mysql_free_result($slelectPresell);
}
 
 
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post" name="form1" id="form1" onsubmit="MM_validateForm('Productuserfill','','R','quantity','','NisNum');return document.MM_returnValue">
  <label>ProductCode</label>
    <input type="hidden" name="invoiceno" id="hiddenField" value='<?php echo $invoiceno;?>'/>
    <input type="text" name="Productuserfill" id="Productuserfill" />
  
  <span id="sprytextfield1">
  <label>No
    <input name="quantity" type="text" id="quantity" value="1" />
  </label>
  <span class="textfieldRequiredMsg">A value is required.</span><span class="textfieldInvalidFormatMsg">Invalid format.</span></span>
  <label>
    Enter
      <input type="submit" name="EnterBottom" id="EnterBottom" value="Submit" accesskey="A" tabindex="E" />
  </label>
</form>
 
 
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
 <input type="hidden" name="invoiceno" id="hiddenField" value='<?php echo $invoiceno;?>'/>
<input name="confirmpresale" type="submit" value="confirmorder" />
 
</form>

HainKurt, Sr. System Analyst

Commented:
check your query

try this (removed ` and aliases, also you may need to add [timestamp], second query)
SELECT presell.refid, presell.productcode, presell.qutiy, presell.price,presell.qutiy*presell.price, presell.productname
  FROM presell
 WHERE refid = $invoiceno 
 ORDER BY timestamp ASC
 
or 
 
SELECT presell.refid, presell.productcode, presell.qutiy, presell.price,presell.qutiy*presell.price, presell.productname
  FROM presell
 WHERE refid = $invoiceno 
 ORDER BY [timestamp] ASC


Commented:
Wow, over two hundred lines of code without any comments?  How do you keep track of what you're thinking?

Anyway, PHP has thrown a notice of an undefined variable into the middle of your SQL query string.

This thing: "Notice: Undefined variable: invoiceno" means that the $invoiceno variable is not set, and you are trying to use it as part of a query.  In some PHP installations, this will simply result in an empty string.  You are lucky because it told you that you were relying on an undefined var.

To isolate the error, scan your code for "invoiceno" - I would look closely at lines 109 and 154, but there may be other places in play as well.

HTH, ~Ray

Line 99 is where the variable is set. I would recommend checking for an empty field before you submit, but if you want to do it in PHP, do something like:

$invoiceno = $_POST['invoiceno'];
if(!$invoiceno){
   //It's empty. Exit the code and alert user that it's empty
}


Commented:
I would recommend a slightly different approach based on security and code sequence factors.

First of all, you MUST test for data validity in the PHP action script.  You MAY test it in the form script with JS validation, but that is merely a nicety for your clients.  In terms of application security, there is no substitute for server-side validation after the script has been posted.  Why?  Because until you have the information in your action script on your server, it is in the hands of external forces who may have JS turned off, or who may be deliberately intending to send you harmful data.

Then in the server side of things, I would do it this way.  The example at ID25652693 will throw a "Notice" if you have your error reporting levels set to receive the notices, and if you do not, you might be relying on undefined variables without knowing it!

You might want to look up the difference between "empty()" and "isset()" to choose the right one for your application.  You might also want to learn about filter_var() for dealing with external form input.

http://us2.php.net/manual/en/function.empty.php
http://us2.php.net/manual/en/function.isset.php
http://us2.php.net/manual/en/function.filter-var.php

Best regards, ~Ray
// INSTEAD OF THIS
/* 
$invoiceno = $_POST['invoiceno'];
if(!$invoiceno){
   //It's empty. Exit the code and alert user that it's empty
}
*/
 
// I WOULD DO SOMETHING MORE LIKE THIS
if (empty($_POST['invoiceno'])) { /* DATA IS MISSING OR ZERO */ }
 
// OR MAYBE SOMETHING LIKE THIS
if (!isset($_POST['invoiceno'])) { /* DATA IS MISSING */ }


True. I keep forgetting the isset() function. Scratch my last comment. I would go with isset().
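
An added example, not part of any post above and not the asker's code: server-side validation of the three form fields with isset() and filter_var(), as recommended in the thread, followed by a parameterized version of the insert. It swaps the question's mysql_* calls for PDO; the product-code pattern and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. Field, table and column names are
// taken from the question; the product-code pattern is an assumption.

function validate_presell_input(array $post): array
{
    $errors = [];
    foreach (['invoiceno', 'Productuserfill', 'quantity'] as $f) {
        // isset() catches a field that was never sent; trim() catches a blank one.
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            $errors[$f] = 'missing';
        }
    }
    if ($errors) {
        return [null, $errors];
    }
    $positive = ['options' => ['min_range' => 1]];
    $v = [
        'refid' => filter_var(trim($post['invoiceno']), FILTER_VALIDATE_INT, $positive),
        'qty'   => filter_var(trim($post['quantity']), FILTER_VALIDATE_INT, $positive),
        'code'  => trim($post['Productuserfill']),
    ];
    if ($v['refid'] === false) $errors['invoiceno'] = 'not a positive integer';
    if ($v['qty'] === false)   $errors['quantity'] = 'not a positive integer';
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $v['code'])) $errors['Productuserfill'] = 'bad format';
    return $errors ? [null, $errors] : [$v, []];
}

// Values are bound, never concatenated. A distinct placeholder name per use
// keeps the statement working with native (non-emulated) prepares.
function insert_presell_line(PDO $pdo, array $v): void
{
    $sql = 'INSERT INTO presell (refid, productcode, ProductName, qutiy, price, datecreate, timestamp)
            SELECT :refid, ProductId, ProductName, IF(ProductQuantity < :q1, ProductQuantity, :q2),
                   ProductPrice, NOW(), NOW()
            FROM product WHERE ProductId = :code
            ON DUPLICATE KEY UPDATE qutiy = qutiy + :q3';
    $pdo->prepare($sql)->execute([':refid' => $v['refid'], ':q1' => $v['qty'],
        ':q2' => $v['qty'], ':q3' => $v['qty'], ':code' => $v['code']]);
}

// Constructed sample submissions (not captured from the asker's site).
$samples = [
    'valid line'             => ['invoiceno' => '18', 'Productuserfill' => '1', 'quantity' => '2'],
    'invoice field not sent' => ['Productuserfill' => '1', 'quantity' => '1'],
    'notice text in field'   => ['invoiceno' => 'Notice: Undefined variable: invoiceno',
                                 'Productuserfill' => '1', 'quantity' => '1'],
];
foreach ($samples as $label => $post) {
    [$values, $errors] = validate_presell_input($post);
    echo $label, ': ', $values ? 'accepted' : 'rejected ' . json_encode($errors), PHP_EOL;
}
```

insert_presell_line() is defined but not called in the demo loop because it needs a live MySQL connection; call it only with the array returned for an accepted submission.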
