I am trying to post the contents of a form field into a MySql database. The title and contents of a blog should post into a mysql table but I keep getting this error: Notice: Undefined index: titleblog in /home/ooze/public_html/main2/uploadblog.php on line 10 Notice: Undefined index: blogcontent in /home/ooze/public_html/main2/uploadblog.php on line 11.
<table>
<tr class="top row" style="font-weight: bold;"><td>
<p>Upload your blog</p>
<form name="f4" action="uploadblog.php" method="post" enctype="multipart/form-data">
title: <input type="text" name="titleblog" />
<br/>
<textarea name="blogcontent" rows="10" columns="60" style="width:350px; height:150px;">Enter you blog here
</textarea>
<br/>
<input type="submit" value="Submit" style="margin-left: 300px;"/>
</form>
</td></tr>
</table>
This is the php code:
<?php
session_start();
?>
<?php
$a = $_POST["titleblog"];
$b = $_POST["blogcontent"];
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
?>
<?php
if(isset($_post['submit']) && $_post['submit'] == 'Submit') {
$a = $_POST["titleblog"];
$b = $_POST["blogcontent"];
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
}
?>
and also the value filed is missing. Give like this <input type="text" name="titleblog" value="" />
You forgot to escape the strings to prevent SQL Injections:
<?php
session_start();
?>
<?php
$a = mysql_real_escape_string($_POST["titleblog"]); // <--
$b = mysql_real_escape_string($_POST["blogcontent"]); // <--
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
?>
For more information on SQL Injections see:
http://php.net/manual/en/security.database.sql-injection.php