0

I keep getting this error. And I don't know why... Thanks

Notice: Undefined index: UserID in C:\wamp\www\tweetball\classes\word.class.php on line 35

<?php
session_start();
class Word
{

    private $m_sWord;
    private $m_sMessage;
    private $link;
    public function __set($p_sProperty, $p_vValue)
    {
        switch($p_sProperty)
        {
            case "Message":
                $this->m_sMessage = $p_vValue;
                break;
        }      
    }

    public function __get($p_sProperty)
    {
        $vResult = null;
        switch($p_sProperty)
        {
        case "Message": 
            $vResult = $this->m_sMessage;
            break;
        }
        return $vResult;
    }

    public function Save()
    {
        include("Connection.php");
        $sSql = "insert INTO words (word, FK_UserID) VALUES ('$_POST[message]','$_POST[UserID]')";  

        if ($rResult = mysqli_query($this->link, $sSql))
        {   
            echo "";
        }
        else
        {       
            throw new Exception('We could not save your word!');    
        }                   
        mysqli_close($this->link);
    }



    public function CreateNew()
        {
            $m_sHost = "localhost";
            $m_sUser = "root";
            $m_sPassword = "";
            $m_sDatabase = "tweetball";

                $link = mysqli_connect($m_sHost,$m_sUser,$m_sPassword,$m_sDatabase);
              if($link!=null){
                    $this->link=$link;
                }
                else
                {
                    throw new Exception("There seems to be a database problem. Try again later");
                }

    }
    public function getWord()
    {


            $m_sHost = "localhost";
            $m_sUser = "root";
            $m_sPassword = "";
            $m_sDatabase = "tweetball";


        $sSql = "select * from tweetball where WordID = 1;";    
        if ($rResult = mysqli_query($this->link, $sSql))
        {
            $singleRecord = mysqli_fetch_assoc($rResult);

            $message = $singleRecord['Word'];
        }
        else
        {       
            throw new Exception('We could get your word!'); 
        }                   
        mysqli_close($link);
        return($message);   
    }

}
?>
Laure
  • 41
  • 2
  • 5
  • 4
    I you also take some time to learn about [SQL injection](http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain). –  Mar 29 '11 at 17:39

4 Answers4

1

You must define your id in the class, either you use $_REQUEST or $_POST, make sure you have column in your database also of which values your are sending.

akjoshi
  • 15,374
  • 13
  • 103
  • 121
user1990127
  • 13
  • 4
1

You're getting this error because you're referencing an array key "UserID" that is not defined for the array ($_POST in this case). Taking a quick look at your SQL query I notice that your keys are not in quotes, which they need to be.

I won't comment on how incredibly unsafe it is to input unchecked. user data into your database

Brian Driscoll
  • 19,373
  • 3
  • 46
  • 65
0

This is not really an error but more of a notice. It tells you that you're trying to use a variable that's not been manually set. With improper settings this can lead to variable injection.

You can fix this by either turning off the PHP error notices (if you're sure your PHP settings are set up safely, defining all or variables before trying to use them or using if(isset($variable)) before calling it.

tvkanters
  • 3,519
  • 4
  • 29
  • 45
0
$sSql = "insert INTO words (word, FK_UserID) 
    VALUES ('$_POST[message]','$_POST[UserID]')";

There is no $_POST['UserID'] value. Note that array keys (e.g. UserID) are case sensitive.

Also note that what you are doing here is vulnerable to SQL injection and should be changed at once. There are many questions here on SO dealing with what SQL injection is and how to prevent it in PHP.

Jon
  • 428,835
  • 81
  • 738
  • 806