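How can I solve this undefined index:?

Time: 2018-07-23 03:56:44

Tags: php bootstrap-4

How do I resolve this error? I have tried everything, but the result is the same error. Please help me solve this error.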

[My error][1]

Here is my code in update.php:

    <?php
    include_once 'config.php';

    $employee_id=$_GET['employee_id'];
    $name=$_POST['name'];
    $date_of_birth=$_POST['date_of_birth'];
    $gender=$_POST['gender'];
    $marital_status=$_POST['marital_status'];
    $nationality=$_POST['nationality'];
    $present_address=$_POST['present_address'];
    $city=$_POST['city'];
    $country=$_POST['country'];
    $phone=$_POST['phone'];
    $email=$_POST['email'];
    $nip=$_POST['nip'];
    $status=$_POST['status'];
    $designation=$_POST['designation'];
    $joining_date=$_POST['joining_date'];
    $leaving_date=$_POST['leaving_date'];
    $picture = basename($_FILES['picture']['name']);

    if (!empty($_FILES['picture'])) {
        $path = "admin/gambar/";
        $path = $path . basename($_FILES['picture']['name']);
        if (move_uploaded_file($_FILES['picture']['tmp_name'], $path)) {
            echo "The file " . basename($_FILES['picture']['name']) .
            " has been uploaded";
        } else {
            echo "There was an error uploading the file, please try again";
        }
    }

    $query = "UPDATE employee_list set name='$name', date_of_birth='$date_of_birth', gender='$gender', marital_status='$marital_status', nationality='$nationality', present_address='$present_address', city='$city', country='$country', phone='$phone', email='$email', nip=$nip, status='$status', designation='$designation', joining_date='$joining_date', leaving_date='$leaving_date', picture='$picture' where employee_id=$employee_id";
    ?>


Thank you :)

2 answers:

Answer 0 (score: 0)

You need to use isset() to avoid these errors, as shown below.

    <?php
    include_once 'config.php';
    if (isset($_POST['employee_id'])) {

        $employee_id=$_POST['employee_id'];
        $name=$_POST['name'];
        $date_of_birth=$_POST['date_of_birth'];
        $gender=$_POST['gender'];
        $marital_status=$_POST['marital_status'];
        $nationality=$_POST['nationality'];
        $present_address=$_POST['present_address'];
        $city=$_POST['city'];
        $country=$_POST['country'];
        $phone=$_POST['phone'];
        $email=$_POST['email'];
        $nip=$_POST['nip'];
        $status=$_POST['status'];
        $designation=$_POST['designation'];
        $joining_date=$_POST['joining_date'];
        $leaving_date=$_POST['leaving_date'];
        $picture = basename($_FILES['picture']['name']);

        if (!empty($_FILES['picture'])) {
            $path = "admin/gambar/";
            $path = $path . basename($_FILES['picture']['name']);
            if (move_uploaded_file($_FILES['picture']['tmp_name'], $path)) {
                echo "The file " . basename($_FILES['picture']['name']) .
                " has been uploaded";
            } else {
                echo "There was an error uploading the file, please try again";
            }
        }

        $query = "UPDATE employee_list set name='$name', date_of_birth='$date_of_birth', gender='$gender', marital_status='$marital_status', nationality='$nationality', present_address='$present_address', city='$city', country='$country', phone='$phone', email='$email', nip=$nip, status='$status', designation='$designation', joining_date='$joining_date', leaving_date='$leaving_date', picture='$picture' where employee_id=$employee_id";
    }
    ?>
  

Note: use prepared queries to avoid SQL injection attacks.

Answer 1 (score: 0)

Add all of the code from line 4 to the end of the file after the if statement:

    if (!empty($_GET['employee_id'])) {

        // your code
    }

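In addition, your code is also not safe against SQL injection, XSS, and CSRF attacks. You can use the http://csrf.htmlpurifier.org/ library to protect your code from CSRF attacks.

Use PDO (http://php.net/manual/en/book.pdo.php) to protect against SQL injection.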
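The following is an added example, not code from the question or either answer: it combines the two points raised above, rejecting requests with missing keys instead of hitting "Undefined index", and running the UPDATE through a PDO prepared statement. The names `EMPLOYEE_FIELDS`, `missingFields` and `updateEmployee` are hypothetical, the in-memory SQLite database is a constructed stand-in for the real connection from config.php, and the picture upload is left out.

```php
<?php
declare(strict_types=1);

// Columns from the question's UPDATE statement (picture/upload handling is left out).
const EMPLOYEE_FIELDS = ['name', 'date_of_birth', 'gender', 'marital_status',
    'nationality', 'present_address', 'city', 'country', 'phone', 'email',
    'nip', 'status', 'designation', 'joining_date', 'leaving_date'];

// Hypothetical helper: lists the absent form keys instead of raising "Undefined index".
function missingFields(array $post): array
{
    return array_values(array_filter(EMPLOYEE_FIELDS, fn(string $f): bool => !isset($post[$f])));
}

// Hypothetical helper: validates the request, then updates one row with bound parameters.
function updateEmployee(PDO $pdo, array $get, array $post): int
{
    // employee_id must be present and a positive integer.
    $id = filter_var($get['employee_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('employee_id missing or invalid');
    }
    $missing = missingFields($post);
    if ($missing !== []) {
        throw new InvalidArgumentException('missing fields: ' . implode(', ', $missing));
    }
    // Column names come only from the fixed list above; every value is bound, never interpolated.
    $set = implode(', ', array_map(fn(string $f): string => "$f = :$f", EMPLOYEE_FIELDS));
    $stmt = $pdo->prepare("UPDATE employee_list SET $set WHERE employee_id = :employee_id");
    $params = ['employee_id' => $id] + array_intersect_key($post, array_flip(EMPLOYEE_FIELDS));
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$cols = implode(', ', array_map(fn(string $f): string => "$f TEXT", EMPLOYEE_FIELDS));
$pdo->exec("CREATE TABLE employee_list (employee_id INTEGER PRIMARY KEY, $cols)");
$pdo->exec("INSERT INTO employee_list (employee_id, name) VALUES (1, 'old name')");

$post = array_fill_keys(EMPLOYEE_FIELDS, '');
$post['name'] = "O'Brien"; // the quote is stored as data, it does not break the SQL
echo updateEmployee($pdo, ['employee_id' => '1'], $post), " row(s) updated\n";
echo $pdo->query('SELECT name FROM employee_list WHERE employee_id = 1')->fetchColumn(), "\n";
try {
    updateEmployee($pdo, [], $post); // no employee_id in the request
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

In update.php the function would be called as `updateEmployee($pdo, $_GET, $_POST)` with the PDO connection created in config.php.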