ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

PHP undefined variable using $_POST

March 04, 2008 3:15pm

  • #1 / Mar 04, 2008 3:15pm

    Phil J Leitch

    92 posts

    I’m having a similar problem trying to pass some information from a form to a page that the user can print. I’m using $_POST and the info is passed along, but I get this error.

    Notice: Undefined index: item in /home/.capricorn/yahtzeen/steverisher.com/the_matrix/core/core.functions.php(637) : eval()'d code on line 3

    I don’t want the data saved to a database in this case. It is just to create a one-time page that users can print out.

  • #2 / Mar 04, 2008 3:28pm

    Phil J Leitch

    92 posts

    I’ve reduced mine to the very basics to try to get it to work. I also admit I’m a PHP novice…

    I am not trying to use the embed variable to pass the info.

    This is my form.

    <form action="{path=thank_you_test}" method="POST">
    Name:   <input type="text" name="name">
    
    <input type="submit" value="Thanks!">
    </form>


    And here is the page to display the results, which works other than the error message. I have the template set to parse PHP on input.

    <?php
    $name = $_POST['name'];
    ?> 
    
    <html>
    <head></head>
    <body>
        <?php
        echo "You are $name";
        ?>
    </body>
    </html>
  • #3 / Mar 04, 2008 3:38pm

    Derek Jones

    7561 posts

    Phil, I split your replies to a new topic as they are unrelated.

    If you access this page without the form being submitted, you will get PHP errors, because the ‘name’ index of $_POST will not be defined.  You can use isset() first before trying to access a POST array key:

    <?php
    $name = '';
    
    if (isset($_POST['name']))
    {
        $name = $_POST['name'];
    }
    ?>

    or circumvent the error altogether by using EE’s Input class:

    <?php
    global $IN;
    $name = $IN->GBL('name', 'POST');
    ?>
    
    <html>
    <head></head>
    <body>
        <?php
        if ($name !== FALSE)
        {
            echo "You are $name";        
        }
        ?> 
    </body>
    </html>

    Either way, you will want to use $REGX->xss_clean() on the value before outputting it to the browser.

  • #4 / Mar 04, 2008 3:40pm

    Phil J Leitch

    92 posts

    Fixed it!

    New code for the display page.

    <?php
    $name = $_POST['name'];
    $nameInputEntities = htmlentities($name);
    ?> 
    
    <html>
    <head></head>
    <body>
        <?php
        echo "You are $nameInputEntities";
        ?>
    </body>
    </html>
  • #5 / Mar 04, 2008 3:44pm

    Derek Jones

    7561 posts

    Actually, my mistake, your original error says undefined index ‘item’ not name, so I suspect your original PHP code had $_POST['item'] instead of $_POST['name']. My comments in my original reply still hold true, though. You should check if it’s set before using it with one of the two methods shown, and use $REGX->xss_clean() on it before outputting to the browser. htmlentities() will not hurt, and you can combine that with the above methods.

  • #6 / Mar 04, 2008 5:31pm

    Phil J Leitch

    92 posts

    Thanks!

  • #7 / Mar 04, 2008 6:41pm

    Phil J Leitch

    92 posts

    I was not aware of the EE Input Class. Very helpful.

    Not quite sure I understand how to implement the $REGX->xss_clean() though.

    Would this be correct?

    $name = $REGX->xss_clean($name);

    If so, where in the code should that occur? The beginning? The end?

    Also, if I am not inserting this into a database is this step necessary? Just curious because I’m just starting to wrap my head around all this.

    Thanks for your help, greatly appreciated.

  • #8 / Mar 04, 2008 6:51pm

    Derek Jones

    7561 posts

    Yes, since you are going straight to screen, it would still be important.  What it does is prevent users from formatting submitted text in a certain way to exploit browser vulnerabilities that could allow arbitrary script to be executed.  I would perform this step as close to when you are outputting it as possible, so it’s easy to see when reading your code that it has been sanitized.

    echo 'You are '.$REGX->xss_clean($name);

    Like the other EE objects, you need to reference the global beforehand, like the code sample for the Input class.

    global $IN, $REGX;
  • #9 / Mar 04, 2008 6:53pm

    Phil J Leitch

    92 posts

    Doh!

    Thanks. It’s been a long time since I’ve done any type of coding outside of html/css.

    Thanks. Makes complete sense now.

  • #10 / Mar 04, 2008 6:55pm

    Derek Jones

    7561 posts

    Happy to help, Phil!
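
An added example (not code from the thread or from ExpressionEngine) of the two points made in the replies above, in plain PHP: check that the field exists before reading it, and encode it at the point of output. The helper names `post_string()` and `h()` and the sample submissions are assumptions constructed for illustration; the example also covers a case the thread does not mention, a field that arrives as an array instead of a string.

```php
<?php
// Added example: plain PHP, no ExpressionEngine classes required.

// Hypothetical helper: return a POST field as a string, or $default when the
// field is missing (form not submitted) or is not a string (e.g. name[]=a).
function post_string(array $post, string $key, string $default = ''): string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return $default;
    }
    return trim($post[$key]);
}

// Hypothetical helper: encode a value for an HTML text context. ENT_QUOTES
// also encodes single quotes, which the default flags did not before PHP 8.1.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'form not submitted'      => [],
    'plain name'              => ['name' => 'Phil'],
    'markup in the field'     => ['name' => '<b>Phil</b> & "friends"'],
    'array instead of string' => ['name' => ['a', 'b']],
];

foreach ($samples as $label => $post) {
    $name = post_string($post, 'name');
    // Encode as close to the output as possible, as post #8 recommends.
    $line = ($name === '') ? '(no name supplied)' : 'You are ' . h($name);
    echo $label, ': ', $line, "\n";
}
```

In the real template, pass `$_POST` as the first argument to `post_string()`; none of the four samples raises an undefined index or array-to-string notice.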
