Notice: Undefined index: parse var - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

Notice: Undefined index: parse var

Scotty13

1:26 pm on Apr 11, 2012 (gmt 0)

10+ Year Member

I’m a newbie, me gentle on me.

I never had this error until my web hosting company upgraded PHP from
PHP 5.2.x to PHP 5.3.x.

My edit profile page is giving me this following error…

Notice: Undefined index: parse_var in /home/*****/public_html/edit_profile.php on line 152 & line 172

Line 152...
if ($_POST['parse_var'] == "links"){

$website = $_POST['website'];
$website = strip_tags($website);
$website = str_replace("http://", "", $website);
$website = str_replace("'", "'", $website);
$website = str_replace("`", "'", $website);
$website = mysql_real_escape_string($website);
$youtube = preg_replace('#[^A-Za-z_0-9]#i', '', $_POST['youtube']); // filter everything but desired characters
$sqlUpdate = mysql_query("UPDATE myMembers SET website='$website', youtube='$youtube' WHERE id='$id' LIMIT 1");
if ($sqlUpdate){
$success_msg = '<img src="images/round_success.png" width="20" height="20" alt="Success" />Your links and API connections have been updated successfully.';
} else {
$error_msg = '<img src="images/round_error.png" width="20" height="20" alt="Failure" /> ERROR: Problems arose during the information exchange, please try again later.</font>';
}
}

Line 172...
if ($_POST['parse_var'] == "bio"){

$bio_body = $_POST['bio_body'];
$bio_body = str_replace("'", "'", $bio_body);
$bio_body = str_replace("`", "'", $bio_body);
$bio_body = mysql_real_escape_string($bio_body);
$bio_body = nl2br(htmlspecialchars($bio_body));
// Update the database data now here for all fields posted in the form
$sqlUpdate = mysql_query("UPDATE myMembers SET bio_body='$bio_body' WHERE id='$id' LIMIT 1");
if ($sqlUpdate){
$success_msg = '<img src="../root/images/round_success.png" width="20" height="20" alt="Success" />Your description information has been updated successfully.';
} else {
$error_msg = '<img src="../root/images/round_error.png" width="20" height="20" alt="Failure" /> ERROR: Problems arose during the information exchange, please try again later.</font>';
}
}

Thanks in advance,
Scotty13

coopster

2:33 pm on Apr 11, 2012 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

The very same error would have been occurring in previous versions of PHP. The difference is that error_reporting [php.net] has changed, or at least being displayed now as opposed to going to your logs which is more appropriate in a production environment.

The index that is undefined is in your $_POST superglobal. It means that the form did not submit that particular input field name. So you are trying to use something that does not exist.

Scotty13

2:46 pm on Apr 11, 2012 (gmt 0)

10+ Year Member

Damn! Now what? The above script is in my edit_profile page and below is what I have throughout my profile page...

$bio_body = $row["bio_body"];
$bio_body = str_replace("&#39;", "'", $bio_body);
$bio_body = stripslashes($bio_body);

<table width="90%" border="0" align="center">
<form action="root/edit_res.php" enctype="multipart/form-data" method="post" name="bioForm" id="bioForm">
<tr>
<td width="12%"><strong>Over the years, I've been...</strong>:</td>

<td width="54%"><textarea name="bio_body" cols="" rows="5" class="formFields" style="width:94%;"><?php echo "$bio_body"; ?></textarea></td>
<td width="34%">
<input name="parse_var" type="hidden" value="bio_body" />
<input type="submit" name="button10" id="button10" value="Submit" /></td>
</tr>
</form>
</table>

$bio_body = "";
$bio_body = "";

if ($_POST['parse_var'] == "bio"){

$bio_body = $_POST['bio_body'];
$bio_body = str_replace("'", "'", $bio_body);
$bio_body = str_replace("`", "'", $bio_body);
$bio_body = mysql_real_escape_string($bio_body);
$bio_body = nl2br(htmlspecialchars($bio_body));

eelixduppy

2:51 pm on Apr 11, 2012 (gmt 0)

The notices you are receiving are not of any serious concern. If you want to get rid of them completely, normally a check is put in place before the value is used, e.g.:


if(isset($_POST['parse_var']) && $_POST['parse_var'] == 'bio') {
// do something
}

As coopster, mentioned, it is perhaps more concerning that your configuration is dumping errors directly to the browser instead of to a log file. This is not ideal for a production environment, as your users will be able to see errors as they happen (if they happen).

Have a look at the options to send errors to a log: [php.net...]

rocknbil

3:59 pm on Apr 11, 2012 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Though it will still "work", I don't know about "no concern" - undefined variables/values reflect sloppy programming, sloppy programming leads to security issues and "ghosts" - it should work, but it doesn't and I can't see why. Turning off the error reporting or dumping it to the files is just ignoring the problem, not making it go away.

Always define variables you're going to use, or at the least check for their existence before operating on them. Do what elixduppy shows there - always check for a value being set BEFORE operating on it.

Here's another (unrelated but still) one, that you've pasted twice. There's no opening font tag (besides, font is deprecated . . .)

$error_msg = '<img src="images/round_error.png" width="20" height="20" alt="Failure" /> ERROR: Problems arose during the information exchange, please try again later.</font>';