tags:

views:

288

answers:

2

Hi, I'm learning PHP to create a feedback form. I followed a tutorial and created a html page with the form and a php file to execute the request and save it into the database. Strangely enough, I've got two problems.

  1. And after I pressed the submit, I've got the following error: Undefined variable: user in /Users/wj/Sites/all_sanbox/VTC-PHP/07/send_feedback.php on line 8

  2. I filled the form with some data, but the php file executed as if there were not data entered.

The code I used are as follows:


feedback.html

<HTML>
<HEAD>
<TITLE>Vinyl Dealers: feedback </TITLE>
</HEAD>

<BODY>
<H2>Feedback</H2>
<BR />
<FORM ACTION="send_feedback.php" METHOD="POST">
Your name:
<INPUT TYPE=TEXT NAME="user" MAXLENGTH=40 SIZE=40 />
<BR />
Your email:
 <INPUT TYPE=TEXT NAME="email" MAXLENGTH=40 SIZE=40 />
 <BR /><BR />
Can we keep you updated with news about our site?
<INPUT NAME="spam" TYPE=RADIO VALUE="1" CHECKED />Yes
<INPUT NAME="spam" TYPE=RADIO VALUE="0" />No
<BR /><BR />
Comments:
<BR />
 <TEXTAREA COLS=60 ROWS=10 NAME="comments"></TEXTAREA>
 <BR />
<INPUT TYPE=SUBMIT VALUE="submit" />
</FORM>
</BODY>
</HTML>


sendfeedback.php

  <html>
  <head>
      <title>Vinyl Dealers: we appreciate your feedback</title>
  </head>

  <body>  
      <?php 
      if (!$user || !$email || !$comments){ ?>

      <h2>Whoops</h2>
      <br>Please fill in all fields<br>
      <a href="feedback.html">Click here to go back to the feedback page.</a>

      <?php 
      exit; 
      }

      $user = addslashes($user);
      $email = addslashes($email);
      $comments = addslashes($comments);
      $db = mysql_connect("localhost","root","admin");
      mysql_select_db("vinyldealers",$db);
      $addfeedback = "INSERT INTO feedback (user, email, spam, comments)
                      VALUES(" . '$user' . "," . $email . "," . $comments .")";
      $result = mysql_query($addfeedback);

      ?>
  <H2>Thank you</H2>
  <BR>
  We have added your comments to our database.    
  </body>
  </html>
+4  A: 

I guess you are running PHP without register_globals option which is safe. That's why you need to access the submitted values using $_POST['user'] and similar...

How about adding:

 $user = $_POST['user']
 $email = $_POST['email'] 
 // etc...
Grzegorz Oledzki
+1  A: 

You don't ever get the value of user out of the POST variable in PHP. When you pass variables in a form, the resultant request contains your values in the POST body of the request, which you must extract in PHP before you can use it.

In your case, you want to add some code like:

$user = $_POST['user'];

This will get the value out of the HTTP request and into a PHP variable. In all recent PHP versions, POST variables are accessible through the $_POST associative array, and GET variables similarly through $_GET. In much older versions of PHP, you want $HTTP_VARS_POST and $HTTP_VARS_GET, respectively.

Tim