error updating mysql data through php

Question

I try to update the data making use of checkboxes. But when one or more of the checkbox is not checked. A notice is returned:

Notice: Undefined index: stats2 in E:\wamp\www\HOSPITAL\update.php on line 12

Notice: Undefined index: stats3 in E:\wamp\www\HOSPITAL\update.php on line 12

Notice: Undefined index: stats5 in E:\wamp\www\HOSPITAL\update.php on line 12

<?php
    $con = mysql_connect("localhost","root","");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

    mysql_select_db("Hospital", $con);




       mysql_query("UPDATE t2 SET HOSPNUM ='$_POST[hnum]', ROOMNUM='$_POST[rnum]', ADDATE= '$_POST[ad8]', ADTIME='$_POST[adtym]', LASTNAME='$_POST[lname]', FIRSTNAME='$_POST[fname]', MIDNAME='$_POST[mname]', CSTAT='$_POST[cs]', AGE='$_POST[age]', BDAY='$_POST[bday]', ADDRESS='$_POST[ad]', SEX='$_POST[sex]', 
                                                                                                                                                                                                                                                                                                               STAT='$_POST[stats1]', STAT2='$_POST[stats2]', STAT3='$_POST[stats3]', STAT4='$_POST[stats4]', STAT5='$_POST[stats5]', STAT6='$_POST[stats6]', STAT7='$_POST[stats8]', STAT8='$_POST[stats8]', NURSE='$_POST[nurse]'              
        WHERE TELNUM ='$_POST[telnum]'");



    mysql_close($con)
    ?>

-Could you help me, so that the notice would not show up?

Answer 1

When you have a checkbox on a form its value is only sent to the server if the box is ticked. If it is not ticked then that key won't exist in the $_POST array, hence the errors you are seeing.

Answer 2

This is the defined behavoir for checkboxes - only when set are they included in the form data.

You should use isset() to determine if the checkbox is ticked.

change it to

STAT='".isset($_POST['stats1']).", 
STAT2='".isset($_POST['stats2']).", 
STAT3='".isset($_POST['stats3']).", 
STAT4='".isset($_POST['stats4']).",  
STAT5='".isset($_POST['stats5']).", 
STAT6='".isset($_POST['stats6']).", 
STAT7='".isset($_POST['stats8']).", 
STAT8='".isset($_POST['stats8'])." 

Another workaround which works is to add a hidden variable, with the same name, before the checkbox: e.g.

<form action='t1.php' method='post'>
<input type='hidden' name="cb1" value="0">
<input type='checkbox' name="cb1" title='test'>
<input type='submit'  >
</form>
<?php 
print_r($_POST);
?>

Answer 3

The $_POST array doesn't contain a stats2 index. This is because when a checkbox is not checked it will not be included in the post request.

If the form elements are static then you can just check to see if they are set: Replace STAT6='$_POST[stats6]' with STAT6=(array_key_exists('stats6', $_POST)).

If the form elements are generated dynamically, eg:

foreach($students as $student)
{ 
    echo "<input element='checkbox' name='student-is-present-{$value}'>";
}

then include a hidden element in the form so that you can determine what's checked and what's not checked:

foreach($students as $student)
{ 
    echo "<input element='hidden' name='student-{$value}' value='student-is-present-{$value}'>";
    echo "<input element='checkbox' name='student-is-present-{$value}'>";
}

You should quote the array keys. Eg use $_POST['stats5'] instead of $_POST[stats5]. Your SQL is open to SQL injection too. To avoid this you should escape the data with a function like mysql_real_escape_string().

Answer 4

You should also sanitize the input with mysql_real_escape_string to prevent mysql injection.

Answer 5

you should not use POST and GET variables directly in your array. you should clean them, search for mysql injection to find out more :

$hnum = isset($_POST['hnum']) ? mysql_real_escape_string($_POST['hnum']) : '';

and then use those variables. This way you avoid mysql injection and resolve those notices