PHP - HTML表单中未定义的索引 - 显示为NULL

时间:2014-10-12 19:34:14

标签: php html mysql mysqli

所以我编写了一个程序,从MySQL数据库生成一个简单的报告。但是,在更改代码以接受来自HTML表单的用户输入后,我突然得到各种错误,所有错误都源于未定义的索引(变量显示为null)。

如果我不接受通过表单的用户输入,该程序将完美运行。

到目前为止我尝试了什么......

  1. 从POST切换到GET。
  2. 使用if(isset声明。

    3. 并不多,我知道,但我对PHP的了解并没有超出这个范围。

    以下是具体错误:

    “未定义变量:B_DATE in ... on line 35”和“Undefined variable:E_DATE in ... on line 36”

    还有更多,但它们都源于上述问题。

    在我发布代码之前,我在代码的开头放了一个调试数组,它输出如下:

     $debug = true;
 if ($debug === true)
 {
     echo '<hr />
     <h4>Debug Area</h4>
     <pre>';

     print_r(array($_GET, $_POST));

     echo '</pre>
     <hr />';
 }

Debug Area

Array
(
    [0] => Array
        (
            [formID] => IRCcalculatepercentageform
            [B_DATE] => 2014-10-12
            [E_DATE] => 2014-10-13
        )

    [1] => Array
        (
        )

)


     if(!isset($_GET['IRCcalculatepercentageform'])){
     echo "No value";
     }

    返回“无值”。

    以下是HTML表单的代码:

     <form method="get" action="IRCcalculatepercentage1.php"> 

 <input type="hidden" name="formID" value="IRCcalculatepercentageform" />

 <p> Type in the date you want to perform your calculation on (year, month, day):    "0000-00-00" </p>
 <p> Beginning Date: <input type="text" name="B_DATE" /></p>
 <p> Ending Date: <input type="text" name="E_DATE" /></p>

 <input type="submit" value="Submit" />
 </form>
 </body>
 </html>

    以下是程序代码:

    <?php //calculate percentage

error_reporting(E_ALL);
ini_set('display_errors', '1');

require_once 'IRCconfig.php';

$connection = 
    new mysqli($db_hostname, $db_username, $db_password, $db_database);

if ($connection->connect_error) die($connection->connect_error);

$B_DATE = $_GET['B_DATE'];
$E_DATE = $_GET['E_DATE'];

/* Computes the number of cells from column 
'C_LAB' that contains the term 'Y'*/

$query1 = "SELECT C_LAB, DATE
           FROM CLIENT_CHECKIN
           WHERE DATE BETWEEN '$B_DATE' AND '$E_DATE'
           HAVING C_LAB = 'Y'";


$result1 = $connection->query($query1);
    if (!$result1) die($connection->error);

$rows1 = $result1->num_rows;

for ($j = 0 ; $j < $rows1 ; ++$j)
{
    $result1->data_seek($j);
    echo 'Computer lab: ' . $result1->fetch_assoc()['C_LAB'] . '<br><br>';
    $count1 = $j;
}

/*Computes the number of cells from column 'C_LAB' 
that contain the term 'N'*/

$query2 = "SELECT C_LAB, DATE
           FROM CLIENT_CHECKIN
           WHERE DATE BETWEEN '$B_DATE' AND '$E_DATE'
           HAVING C_LAB = 'N'";

$result2 = $connection->query($query2);
    if (!$result2) die($connection->error);

$rows2 = $result2->num_rows;

for ($l = 0 ; $l < $rows2 ; ++$l)
{
    $result2->data_seek($l);
    echo 'Computer lab: ' . $result2->fetch_assoc()['C_LAB'] . '<br><br>';
    $count2 = $l;
}

$total = ($count1 + 1) + ($count2 + 1);

echo "The number of clients who used the computer lab is ", $count1 + 1, "<br><br>",
"The total number of clients who did not use the computer lab is ", $count2 + 1, "<br><br>",
"The total number of clients today is ", $total, "<br><br>";

echo "The percentage of clients who used the computer lab today is ", (($count1 + 1) / $total) * 100, 
     "%";

$result1->close();
$connection->close();

?>

2 个答案:

答案 0 :(得分:2)

改变这个:

   WHERE DATE BETWEEN '$B_DATE' AND '$E_DATE'


   WHERE DATE BETWEEN '".$_GET["B_Date"]."' AND '".$_GET["E_Date"]."'

让它发挥作用。之后要注意安全。

答案 1 :(得分:2)

根据您的originally posted question

您正在使用name="B_Date"name="E_Date"$_GET['B_DATE']$_GET['E_DATE']一起使用,这是您的代码失败的主要原因。这些变量区分大小写。

需要更改为:

name="B_DATE"name="E_DATE"

这就是为变量获取Undefined index...的原因。

<p> Beginning Date: <input type="text" name="B_Date" /></p>
<p> Ending Date: <input type="text" name="E_Date" /></p>

需要修改为:

<p> Beginning Date: <input type="text" name="B_DATE" /></p>
<p> Ending Date: <input type="text" name="E_DATE" /></p>

然后使用isset()

if(isset($_GET["B_DATE"]) && isset($_GET["E_DATE"])) {

$B_DATE = $_GET['B_DATE'];
$E_DATE = $_GET['E_DATE'];

// ...

$query2 = "SELECT C_LAB, DATE
       FROM CLIENT_CHECKIN
       WHERE DATE BETWEEN '$B_DATE' AND '$E_DATE'
       HAVING C_LAB = 'N'";

// rest of your code down to...

$result1->close();
$connection->close();

}

但是,使用此类方法会让您对SQL injection开放。使用prepared statementsPDO with prepared statements

您也可以使用mysqli_real_escape_string()

进行保护 
$B_DATE = mysqli_real_escape_string($connection,$_GET['B_DATE']);
$E_DATE = mysqli_real_escape_string($connection,$_GET['E_DATE']);


$query2 = "SELECT C_LAB, DATE 
       FROM CLIENT_CHECKIN 
       WHERE DATE BETWEEN '".$B_DATE."' AND '".$E_DATE."' 
       HAVING C_LAB = 'N'";

使用stripslashes()mysqli_real_escape_string()的另一种方法:

$B_DATE = stripslashes($_GET['B_DATE']);
$B_DATE = mysqli_real_escape_string($connection,$_GET['B_DATE']);

$E_DATE = stripslashes($_GET['E_DATE']);
$E_DATE = mysqli_real_escape_string($connection,$_GET['E_DATE']);
相关问题
最新问题