Help - Search - Members - Calendar
Full Version: Notice: Use Of Undefined Constant W
Zymic Webmaster Forums > Zymic Free Web Hosting > Databases & MySQL
Peppo
Sep 18 2009, 02:40 AM
Hi i'm rewriting this topic so i'm just a little hungry laugh.gif I don't speak english very well so sorry.

I'm writing an online game which need to read/write in mysql db. I test my little test script in an other host and it was ok. Now I moved here because it's free but my program doesen't work correctly!
The code returns the value of variable (1) but write some errors before it.

QUOTE
Notice: Undefined index: val in /www/zzl.org/o/n/l/onlinewm/htdocs/page.php on line 7

Notice: Use of undefined constant w - assumed 'w' in /www/zzl.org/o/n/l/onlinewm/htdocs/page.php on line 28

Notice: Use of undefined constant r - assumed 'r' in /www/zzl.org/o/n/l/onlinewm/htdocs/page.php on line 41
1



This is the address where I send some variables: http://onlinewm.zzl.org/page.php?cmd=r&...0000&key=10

And this is the php code:
CODE
<?php


$cmd=$_GET['cmd'];
$sec=$_GET['sec'];
$key=$_GET['key'];
$val=$_GET['val'];
$ret=1;
// Make a MySQL Connection
mysql_connect("localhost", "*****", "****") or die(mysql_error());
mysql_select_db("onlinewm_zzl_*****") or die(mysql_error());

// Create a MySQL table in the selected database
//netvaron! id,gameid,var,val
$sql = "
CREATE TABLE IF NOT EXISTS `netvaron`
(
  `id` int(11) NOT NULL auto_increment,
  `gameid` varchar(10) default NULL,
  `var` varchar(1000) default NULL,
  `val` varchar(1000) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=506
";
mysql_query($sql);

// Insert a row of information into the table "netvaron"
if ($cmd==w){

mysql_query("DELETE FROM netvaron WHERE gameid='".$sec."' AND var='".$key."'")
or die(mysql_error());  

mysql_query("INSERT INTO netvaron
(gameid, var ,val) VALUES('".$sec."', '".$key."' ,'".$val."') ")
or die(mysql_error());  

echo '1';

}

if ($cmd==r){
// Retrieve all the data from the "netvaron" table
$result = mysql_query("SELECT * FROM netvaron WHERE gameid='".$sec."' AND var='".$key."'

ORDER BY id DESC")
or die(mysql_error());  

// store the record of the "netvaron" table into $row
$row = mysql_fetch_array( $result );
// Print out the contents of the entry

echo $row['val'];
}


?>


help me plz
Ed
Sep 18 2009, 02:35 PM
Line 7 is a warning because you're using an index on the super global array $_GET that doesn't exist, you should check they're set before attempting to use them, something like:

CODE
if(isset($_GET['cmd'], $_GET['sec'], $_GET['key'], $_GET['val']))


Line 28:

CODE
if ($cmd==w){


This should be:

CODE
if ($cmd=='w'){


By not quoting it, it assumes it as a constant, if the constant doesn't exist it falls back to a string of that constant, it's poor form not to quote a string and creates a nightmare if you have constants named that.

Line 41 is exactly the same, just quote the r:

CODE
if ($cmd=='r'){


Now there's a more serious note, your script is susceptible to MySQL injection, perhaps do something like:

Replace:
CODE
$cmd=$_GET['cmd'];
$sec=$_GET['sec'];
$key=$_GET['key'];
$val=$_GET['val'];
$ret=1;
// Make a MySQL Connection
mysql_connect("localhost", "*****", "****") or die(mysql_error());
mysql_select_db("onlinewm_zzl_*****") or die(mysql_error());


With:

CODE
$ret=1;

// Make a MySQL Connection
mysql_connect("localhost", "*****", "****") or die(mysql_error());
mysql_select_db("onlinewm_zzl_*****") or die(mysql_error());

if(!isset($_GET['cmd'], $_GET['sec'], $_GET['key'], $_GET['val']))
{
   // Should implement proper error handling here... but for example purposes a die will do
   die('Please ensure all fields are set, invalid page request.');
}

$cmd=mysql_real_escape_string($_GET['cmd']);
$sec=mysql_real_escape_string($_GET['sec']);
$key=mysql_real_escape_string($_GET['key']);
$val=mysql_real_escape_string($_GET['val']);

Peppo
Sep 24 2009, 09:16 PM
Thank u for help, but I don't understand only one thing: How damn it works in altervista and not here? I'm not PHP or mysql expert (i'm learning writing my game...) but it's strange.

P.S. How good is my english? xD
swordz
Sep 24 2009, 09:25 PM
Altervista probably suppresses noticess. We on the other hand like to promote good coding practice and get you to do it right.

Swordz
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.