homepage Welcome to WebmasterWorld Guest from 54.205.254.108
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Notice: Undefined index: parse var
Scotty13




msg:4439587
 1:26 pm on Apr 11, 2012 (gmt 0)

I’m a newbie, me gentle on me.

I never had this error until my web hosting company upgraded PHP from
PHP 5.2.x to PHP 5.3.x.

My edit profile page is giving me this following error…

Notice: Undefined index: parse_var in /home/*****/public_html/edit_profile.php on line 152 & line 172

Line 152...
if ($_POST['parse_var'] == "links"){

$website = $_POST['website'];
$website = strip_tags($website);
$website = str_replace("http://", "", $website);
$website = str_replace("'", "'", $website);
$website = str_replace("`", "'", $website);
$website = mysql_real_escape_string($website);
$youtube = preg_replace('#[^A-Za-z_0-9]#i', '', $_POST['youtube']); // filter everything but desired characters
$sqlUpdate = mysql_query("UPDATE myMembers SET website='$website', youtube='$youtube' WHERE id='$id' LIMIT 1");
if ($sqlUpdate){
$success_msg = '<img src="images/round_success.png" width="20" height="20" alt="Success" />Your links and API connections have been updated successfully.';
} else {
$error_msg = '<img src="images/round_error.png" width="20" height="20" alt="Failure" /> ERROR: Problems arose during the information exchange, please try again later.</font>';
}
}


Line 172...
if ($_POST['parse_var'] == "bio"){

$bio_body = $_POST['bio_body'];
$bio_body = str_replace("'", "&#39;", $bio_body);
$bio_body = str_replace("`", "&#39;", $bio_body);
$bio_body = mysql_real_escape_string($bio_body);
$bio_body = nl2br(htmlspecialchars($bio_body));
// Update the database data now here for all fields posted in the form
$sqlUpdate = mysql_query("UPDATE myMembers SET bio_body='$bio_body' WHERE id='$id' LIMIT 1");
if ($sqlUpdate){
$success_msg = '<img src="../root/images/round_success.png" width="20" height="20" alt="Success" />Your description information has been updated successfully.';
} else {
$error_msg = '<img src="../root/images/round_error.png" width="20" height="20" alt="Failure" /> ERROR: Problems arose during the information exchange, please try again later.</font>';
}
}


Thanks in advance,
Scotty13

 

coopster




msg:4439612
 2:33 pm on Apr 11, 2012 (gmt 0)

The very same error would have been occurring in previous versions of PHP. The difference is that error_reporting [php.net] has changed, or at least being displayed now as opposed to going to your logs which is more appropriate in a production environment.

The index that is undefined is in your $_POST superglobal. It means that the form did not submit that particular input field name. So you are trying to use something that does not exist.

Scotty13




msg:4439616
 2:46 pm on Apr 11, 2012 (gmt 0)

Damn! Now what? The above script is in my edit_profile page and below is what I have throughout my profile page...

$bio_body = $row["bio_body"];
$bio_body = str_replace("&amp;#39;", "'", $bio_body);
$bio_body = stripslashes($bio_body);


<table width="90%" border="0" align="center">
<form action="root/edit_res.php" enctype="multipart/form-data" method="post" name="bioForm" id="bioForm">
<tr>
<td width="12%"><strong>Over the years, I've been...</strong>:</td>



<td width="54%"><textarea name="bio_body" cols="" rows="5" class="formFields" style="width:94%;"><?php echo "$bio_body"; ?></textarea></td>
<td width="34%">
<input name="parse_var" type="hidden" value="bio_body" />
<input type="submit" name="button10" id="button10" value="Submit" /></td>
</tr>
</form>
</table>


$bio_body = "";
$bio_body = "";


if ($_POST['parse_var'] == "bio"){

$bio_body = $_POST['bio_body'];
$bio_body = str_replace("'", "&#39;", $bio_body);
$bio_body = str_replace("`", "&#39;", $bio_body);
$bio_body = mysql_real_escape_string($bio_body);
$bio_body = nl2br(htmlspecialchars($bio_body));

eelixduppy




msg:4439620
 2:51 pm on Apr 11, 2012 (gmt 0)

The notices you are receiving are not of any serious concern. If you want to get rid of them completely, normally a check is put in place before the value is used, e.g.:

if(isset($_POST['parse_var']) && $_POST['parse_var'] == 'bio') {
// do something
}


As coopster, mentioned, it is perhaps more concerning that your configuration is dumping errors directly to the browser instead of to a log file. This is not ideal for a production environment, as your users will be able to see errors as they happen (if they happen).

Have a look at the options to send errors to a log: [php.net...]

rocknbil




msg:4439656
 3:59 pm on Apr 11, 2012 (gmt 0)

Though it will still "work", I don't know about "no concern" - undefined variables/values reflect sloppy programming, sloppy programming leads to security issues and "ghosts" - it should work, but it doesn't and I can't see why. Turning off the error reporting or dumping it to the files is just ignoring the problem, not making it go away.

Always define variables you're going to use, or at the least check for their existence before operating on them. Do what elixduppy shows there - always check for a value being set BEFORE operating on it.

Here's another (unrelated but still) one, that you've pasted twice. There's no opening font tag (besides, font is deprecated . . .)

$error_msg = '<img src="images/round_error.png" width="20" height="20" alt="Failure" /> ERROR: Problems arose during the information exchange, please try again later.</font>';

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved