Undefined index error: user when submitting a POST form

Asked

Viewed 799 times

1

Html

<html>
<body>
<form action="encomenda_apagar.php" method="POST">
 <br><br>
 <label class="sr-only" for="inputHelpBlock"></label>
 <b>INSIRA O SEU USERNAME:</b> <br><br>
 <input type="text" name="user">
 <br>
 <center><input type="submit" value="Eliminar"></center>
 <br>
 </form>
 </body>
 </html>

PHP

<script language="javascript">
<!--
function myFunction(a) {
    alert(a);
}

</script>

<?php

ini_set ('default_charset','utf-8');

$link = mysqli_connect("localhost", "root", "", "bd_calcadocharme");

$id=$_GET['user'];

$sql="DELETE FROM cliente WHERE user='$id'";

$result = mysqli_query($link,$sql);

if ($result && mysqli_affected_rows($link)){
    echo "<script> myFunction('Cliente elimado com sucesso'); </script>";
        header('refresh:0 ; url=escrever.html');
} elseif ($result && !mysqli_affected_rows($link)){
    echo "<script> myFunction('Esse cliente nao existe !'); </script>";
        header('refresh:0 ; url=escrever.html');
} elseif (!$result){
    echo "<script> myFunction('Erro na query!'); </script>";
        header('refresh:0 ; url=escrever.html');
}

?>

Errors: Notice: Undefined index: user in F: XAMPP htdocs PAPBRUNO PAPBRUNO encomenda_apagar.php on line 15

And I don’t understand why .

When I try to delete someone who does not exist APPEARS the "query error" message and SHOULD APPEAR "This client does not exist" And even when I put someone who exists, it doesn’t erase

php mysql

  • Your method (meaning form) is sending via POST, and you’re trying to get the user via GET

  • Well did, but even I when I try to erase someone who exists database, appears the message of This client does not exist

  • There is more than one error in your code kkk String concatenation via PHP you need to use the dot(.)

  • 3

    @Odacil we are not a forum, do not edit the question, add an answer to your own question by clicking "Answer" (it is in the form below). Take the tour to understand how Stackoverflow works: http://answall.com/tour

  • @Marcelobonifazio I suggest to formalize his answer.

  • 4

    @Odacil also noticed that you have several questions with answers, but you didn’t accept any as "Right/Right", after understanding how Stackoverflow works I recommend to mark the answers that you consider correct your questions, this encourages other users to answer, 'cause it’s worth points (you also get a point if you accept an answer)

  • 2

    -- "I see SQL Injection" -- "How often?" -"All the time". You’re taking $_GET parameters without even treating this integer. The way it is, your code allows you to delete more than just the desired user. At least use $id= (int) $_GET['user'];

  • Good evening, I wonder if any of the answers helped you, if not please comment on what you think is missing.

Show 3 more comments

3 answers

3

Your form is using method="POST", just change $id=$_GET['user']; for $id=$_POST['user'];

I also recommend that you avoid passing variables directly to your query, in the case as you are using mysqli then you can try to use bind_param, example:

$id = $_POST['user'];

$link = mysqli_connect('localhost', 'root', '', 'bd_calcadocharme');

if (false === $link) {
    printf('Erro de conexão: %s\n', mysqli_connect_error());
    exit;
}

$stmt = mysqli_prepare($link, 'DELETE FROM cliente WHERE user=?');
mysqli_stmt_bind_param($stmt, 'i', $id);

/* Executa a query */
mysqli_stmt_execute($stmt);

//Fecha stmt
mysqli_stmt_close($stmt);

//Fecha conexão
mysqli_close($link);

2

Like Matheus Velloso said, change the

<form action="encomenda_apagar.php" method="POST">

To

<form action="encomenda_apagar.php" method="GET">

1

Your form is in the POST parameter and you’re waiting, according to your script, a $_GET parameter. That’s why you’re giving an undefined.

Browser other questions tagged php mysql

You are not signed in. Login or sign up in order to post.