Solved

Undefined index line 30 php code

Posted on 2015-02-18
4
145 Views
Last Modified: 2015-02-23
<?php
    session_start() ;
    $link = mysqli_connect("", "", "","")
        or die("Could not connect : " . mysqli_error() );
    mysqli_select_db($link,"") or die("Could not select database");

#$printer_array = array("Oki 420 Ticket",
#        "Oki 420 Report",
#        "Dell 1700 Laser") ;

    if(!isset($_SESSION['storeKey'])) {
        ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
You have not selected a store. Please proceed to the following page to select a store.<br>
<A href="http:///menu.php">Select Here</a>
</body>
</html>
    <?php
    } else {
        $storeKey = $_SESSION['storeKey'] ;
#	print_r($_REQUEST) ;
#	print_r(array_keys($_REQUEST)) ;
#	if(($_SESSION['access'] <= 2) && ($_SESSION['locked'] != 'Y')) {
	     if(isset($_REQUEST['submit'])) {
		$entry = 1;
		for($i=1; $i <= 26; $i++) {
		    $hidden_key = "hidden-" . $i ;
		    $name_key = "full_name-" . $i  ;
		    if($_REQUEST[$name_key]	!= "" ||
			    (isset($_REQUEST[$hidden_key])))
				{
			$active_key = "active-" . $i ;
			if(isset($_REQUEST[$active_key])) {
			    $active = $_REQUEST[$active_key] ;
			} else {
			    $active = "N" ;
			}
			$name = $_REQUEST[$name_key];
			$user_name_key = "user_name-" . $i ;
			$user_name = $_REQUEST[$user_name_key];
			$password_key = "password-" . $i ;
			$password = $_REQUEST[$password_key];
			if(isset($_REQUEST[$hidden_key])) {
			    $hidden = $_REQUEST[$hidden_key] ;
			    print "Update"; 
			    $sql = "UPDATE store_users SET full_name='$name', 
				user_name='$user_name', 
				password='$password',
				active='$active'
				WHERE row_id='$hidden' ; " ;
			    $res = mysqli_query($link,$sql) or 
				die("UPDATE Failed($i) : " .  mysqli_error()) ;
			} else {
			    print "insert"; 
			    $sql = "INSERT INTO store_users (store_key, 
				full_name, user_name, password, active)
				VALUES ('$storeKey', '$name', '$user_name', 
				'$password', '$active');";
			    $res = mysqli_query($link,$sql) or 
				die("INSERT Failed($i) : " .  mysqli_error()) ;
			}
			$entry++;
		    }
		}
	    }
#	}
	$sql = "SELECT * FROM store_users WHERE store_key='$storeKey' ORDER BY full_name ;" ;
        $res = mysqli_query($link,$sql) or die("Query Failed(storeKey) : " .
            mysqli_error());
        for($i = 1; $i <= mysqli_num_rows($res); $i++) {
            $lines[$i] = mysqli_fetch_array($res);
#            print "line$i" ;
        }

	$page = "Staging Users" ;
	require 'header.php' ;
    ?>
<form id="form1" name="form1" method="post" action="">
</table>
  <div align="center"></div>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303"><input type="submit" name="submit" value="Submit" /></td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="cancel" type="button" onClick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <table width="719" height="227" border="1">
    <tr>
	<td colspan="4"><div align="center"><strong><span class="style3">Manage Store Backroom PC Users</span></strong></div></td>
    </tr>
    <tr>
      <td width="43"><strong>Active</strong></td>
      <td width="300"><strong>Full  Name </strong></td>
      <td width="188"><strong>User Name </strong></td>
      <td width="188"><strong>Password</strong></td>
    </tr>
    <?php
	for($i=1 ; $i <= 15; $i++) {
    ?>
    <tr>
      <td><?php if(isset($lines[$i])) {
                ?><input type="hidden" name="hidden-<?php print $i ; ?>" value="<?php
                print $lines[$i]['row_id'] ;
                ?>"><?php
            }
        ?>
	<input name="active-<?php print $i ; ?>" type="checkbox" value="Y" <?php
            if(isset($lines[$i]['active']) == "Y") {                                                   print "checked=\"checked\"";
            }
            ?>/></td>
      <td><input name="full_name-<?php print $i ; ?>" type="text" size="30" maxlength="30" <?php
            if(isset($lines[$i])) {
                print "value=\"" . $lines[$i]['full_name'] . "\"" ;
            }
            ?>/></td>
      <td><input name="user_name-<?php print $i ; ?>" type="text" size="15" maxlength="15" <?php
            if(isset($lines[$i])) {
                print "value=\"" . $lines[$i]['user_name'] . "\"" ;
            }
            ?>/></td>
      <td><input name="password-<?php print $i ; ?>" type="text" size="15" maxlength="15" <?php
            if(isset($lines[$i])) {
                print "value=\"" . $lines[$i]['password'] . "\"" ;
            }
            ?>/></td>
    </tr>
    <?php
	}
    ?>
  </table>
  <div align="center"></div>
  <table width="750" height="27" border="0">
    <tr>
      <td width="303"><input type="submit" name="submit" value="Submit" /></td>
      <td width="335">&nbsp;</td>
      <td width="98"><label for="Submit"></label>
          <div align="left">
            <input name="cancel" type="button" onClick="document.location='menu.php'" value="Cancel" />
        </div></td>
    </tr>
  </table>
  <p>&nbsp;</p>
</form>
</body>
</html>
<?php } ?>

Open in new window


Looking to fix the undefined index line 30 while converting from an old php to php5.6 and if there are other issues with this code
0
Comment
Question by:JDay2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40617666
$_REQUEST[$name_key] and the rest with variables for the index names ($_REQUEST[$hidden_key], $_REQUEST[$active_key])  are undefined in your code above.  They might defined in a form on a previous page.  I have never seen the indexes done with variables like that.  The common format would be like $_REQUEST['firstname'] where 'firstname' is the name of a form element on the previous page.
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 40617830
It looks like line 30 says this:

if($_REQUEST[$name_key]      != "" || (isset($_REQUEST[$hidden_key])))

Just above that we have these lines that would appear to define the indexes:

for($i=1; $i <= 26; $i++) {
 $hidden_key = "hidden-" . $i ;
 $name_key = "full_name-" . $i  ;

But given that there could be up to 26 indexes, and apparently some of them are not defined, I think the existing logic was written with the idea that undefined variables could be ignored.  A lot of older PHP code worked with that assumption.

My sense is that this code could probably benefit from refactoring with and eye to following the PHP-FIG standards, and with modern programming practices in mind.  $_REQUEST is a security hole that has no place in a deployed application.  It's smarter to use the POST request variables if you're expecting a POST-method request.  There are other things, too -- unescaped variables in query strings and stuff like that.  If it were my task, I would probably consider a do-over to bring this up to current standards.
0
 
LVL 43

Accepted Solution

by:
Chris Stanyon earned 250 total points
ID: 40617899
As a work around you could check the variable is set before checking it's value:

if( (isset($_REQUEST[$name_key]) && $_REQUEST[$name_key] != "") || isset($_REQUEST[$hidden_key]) )

Open in new window

0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40617922
I was wondering if the previous server was supporting 'register_globals' which now obselete.  http://php.net/manual/en/faq.using.php#faq.register-globals   That would explain why the code used to work.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question