Forum Moderators: coopster

Undefined index and error in your SQL syntax


Steve_Berry

3:13 pm on Feb 8, 2019 (gmt 0)

5+ Year Member



What I am trying to do is to load users from a database to a table using a Select box, and then add information to the user's page (header, title, body content) which is then added to that user's page on the database. The list of names (users) appears, and I am able to put information in the form; however, when I send the information I get the following error messages:

Notice: Undefined index: $title in C:\xampp\htdocs\MyCMS\admin\index.php on line 80
Notice: Undefined index: $header in C:\xampp\htdocs\MyCMS\admin\index.php on line 81
Notice: Undefined index: $body in C:\xampp\htdocs\MyCMS\admin\index.php on line 82
Notice: Undefined variable: userid in C:\xampp\htdocs\MyCMS\admin\index.php on line 84
Notice: Undefined index: in C:\xampp\htdocs\MyCMS\admin\index.php on line 84
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' '', '', '')' at line 1

The code to send data is:

<?php 
if(isset($_POST['submitted']) == 1) {

$title = mysqli_real_escape_string($dbc, $_POST['$title']);
$header = mysqli_real_escape_string($dbc, $_POST['$header']);
$body = mysqli_real_escape_string($dbc, $_POST['$body']);

$q = "INSERT INTO `pages` (`userid`, `title`, `header`, `body`) VALUE ($_POST[$userid], '$title', '$header', '$body')";

$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));

if($r) {

$message = '<p>Page was added.</p>';

} else {

$message = '<p>Page could not be added due to: </p>'.mysqli_error($dbc);
$message .= '<p>'.$q.'</p>';
} // end if inner

} // end if outer

?>


The fields in the database match those in INSERT option.

I must be missing something. Any help will be appreciated.

xCart

4:27 pm on Feb 8, 2019 (gmt 0)

5+ Year Member



I think you should use index $_POST without "$".

$title = mysqli_real_escape_string($dbc, $_POST['title']); 
$header = mysqli_real_escape_string($dbc, $_POST['header']);
$body = mysqli_real_escape_string($dbc, $_POST['body']);

lucy24

5:08 pm on Feb 8, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Isn't this recursive?
$title = mysqli_real_escape_string($dbc, $_POST['$title'])
You're defining a variable by referring to the variable that you're currently defining.

Using the same name for two different things--here, the php variable and, I guess, the name or id of an input field--can reduce confusion but it can also create confusion, depending on who's doing the programming and how their mind works. Personally I'd compromise by using names that are related in some systematic way, like $var-title in one place and "input-title" in the other.

$userid on the other hand doesn't seem to have been defined at all, unless you inadvertently left it out of the copy-and-paste.

Steve_Berry

10:53 am on Feb 9, 2019 (gmt 0)

5+ Year Member



Thanks - will adjust the code.

Steve_Berry

11:24 am on Feb 9, 2019 (gmt 0)

5+ Year Member



Hi - altered code, but still getting an error message:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's page', 'Alice's page', 'Alice's page')' at line 1

The code:

<?php 
if(isset($_POST['submitted']) == 1) {

// removes special characters

$title = mysqli_real_escape_string($dbc, $_POST['title']);
$header = mysqli_real_escape_string($dbc, $_POST['header']);
$body = mysqli_real_escape_string($dbc, $_POST['body']);

// removes backslashes

$title = stripslashes($_POST['title']);
$header = stripslashes($_POST['header']);
$body = stripslashes($_POST['body']);


$q = "INSERT INTO `pages` (`title`, `header`, `body`) VALUE ('$title', '$header', '$body')";

$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));

if($r) {

$message = '<p>Page was added.</p>';

} else {

$message = '<p>Page could not be added due to: </p>'.mysqli_error($dbc);
$message .= '<p>'.$q.'</p>';
} // end if inner

} // end if outer

?>

Steve_Berry

12:54 pm on Feb 9, 2019 (gmt 0)

5+ Year Member



Hi - please ignore the 'Altered' code mentioned as I've gone back to a page that allows me to add a page with page header, page title, and body, which is then loaded into the database.

This is the code that works - there may be errors that I'm not aware of but the data appears in the database, which then appears in a list on the index page.

The working code:

<?php 
if(isset($_POST['submitted']) == 1) {

$header = stripslashes($_REQUEST['header']);

$header = mysqli_real_escape_string($dbc, $header);

$title = stripslashes($_REQUEST['title']);

$title = mysqli_real_escape_string($dbc, $title);

$body = stripslashes($_REQUEST['body']);

$body = mysqli_real_escape_string($dbc, $body);

$q = "INSERT INTO `pages` (`header`, `title`, `body`) VALUE ('$header', '$title', '$body')";

$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));

if($r) {

$message = '<p>Page was added.</p>';

} else {

$message = '<p>Page could not be added due to: </p>'.mysqli_error($dbc);
$message .= '<p>'.$q.'</p>';
} // end if inner

} // end if outer

?>

The issues arose when I wanted to add a user to the page they create - using their email (userid on database). This will add the details of the created page along with the userid to the same database. The userid would correspond to the user table (their id).

The error is mentioned already - "Undefined variable: userid ".

I would still like to associate the userid to the pages table but need some help on how to do that without errors.

Thanks in advance.

xCart

7:12 am on Feb 11, 2019 (gmt 0)

5+ Year Member



Little note: mysqli_query is an outdated function, not supported by php7+. You should use PDO or mysqli.
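
The insert this thread is working towards, with the userid column included, written as a prepared statement so that a value such as Alice's page needs no manual escaping. This is an added example, not code from any poster: it uses PDO against an in-memory SQLite database so that it runs stand-alone (for MariaDB only the DSN would change), and the users table, its columns and the addPage() helper are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. addPage() and the users table are hypothetical; the pages
// columns follow the thread.
function addPage(PDO $db, array $post): int
{
    // userid must be a positive integer; anything else is rejected outright.
    $userid = filter_var($post['userid'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($userid === false) {
        throw new InvalidArgumentException('userid missing or not a positive integer');
    }
    // Only attach pages to a user that exists.
    $check = $db->prepare('SELECT 1 FROM users WHERE id = ?');
    $check->execute([$userid]);
    if ($check->fetchColumn() === false) {
        throw new InvalidArgumentException('unknown userid');
    }
    // Placeholders keep the data out of the SQL text, so quotes in the
    // input cannot end the string literal or change the statement.
    $stmt = $db->prepare(
        'INSERT INTO pages (userid, title, header, body)
         VALUES (:userid, :title, :header, :body)');
    $stmt->bindValue(':userid', $userid, PDO::PARAM_INT);
    foreach (['title', 'header', 'body'] as $field) {
        // ?? '' avoids the "Undefined index" notice for a missing field.
        $stmt->bindValue(":$field", (string)($post[$field] ?? ''), PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int)$db->lastInsertId();
}

// In-memory SQLite stands in for the MariaDB server (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, userid INTEGER,
           title TEXT, header TEXT, body TEXT)');
$db->exec("INSERT INTO users (id, email) VALUES (1, 'alice@example.test')");

// Constructed form submission, same values as in the error message above.
$post = ['submitted' => '1', 'userid' => '1', 'title' => "Alice's page",
         'header' => "Alice's page", 'body' => "Alice's page"];
$id  = addPage($db, $post);
$sel = $db->prepare('SELECT userid, title FROM pages WHERE id = ?');
$sel->execute([$id]);
$row = $sel->fetch(PDO::FETCH_ASSOC);
// Escape on output as well; log SQL errors server-side, not to the page.
echo htmlspecialchars("user {$row['userid']}: {$row['title']}", ENT_QUOTES), PHP_EOL;
```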