Variable error

webweever

I'm getting this error: Notice: Undefined variable: delete in /homepages/27/d192713422/htdocs/sandbox/bookmark/index.php on line

It's referencing this line:

if($delete){

Total form code:

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name ORDER BY tag ASC";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

?>

<table width="500" border="0" cellspacing="0" cellpadding="0" align="center">
<tr border="0">
<td><form name="form1" method="post" action="">
<table width="500" border="0" cellpadding="2" cellspacing="0" align="center">
<tr>
<td bgcolor="#000000" width="100"><font style="font-size: .75em; font-family: verdana; color: #ffffff;" type="text"><strong>Delete</strong></td>
<td bgcolor="#000000"><font style="font-size: .75em; font-family: verdana; color: #ffffff;" type="text"><strong>Link</strong></td>
</tr>
<?php
$i = true;
while($rows=mysql_fetch_array($result)){
if( $i ) {
    $bg_color = '#FFFFFF';
    $i = false;
} else {
    $bg_color = '#EEEEEE';
    $i = true;
}
?>
<tr>
<td valign="top" width="40" bgcolor="<?php $bg_color ?>"><center><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $rows['id']; ?>"></center></td>
<td valign="top" bgcolor="<?php $bg_color ?>"><font style="font-size: .75em; font-family: verdana;" type="text"><b><?php echo $rows['name']; ?></b><br>
<font style="font-size: .85em; font-family: verdana; color: #990000;" type="text"><?php echo $rows['description']; ?></font><br>
<font style="font-size: .85em; font-family: verdana; color: #ff0000;" type="text"><a target="_blank" href="<?php echo $rows['url']; ?>"><?php echo $rows['url']; ?></a></font><br>
<font style="font-size: .75em; font-family: verdana;" type="text"><? echo $rows['tag']; ?></font><br></td>
</tr>

<?
$i++;
}
echo "</table>";
?><tr>
<td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td>
</tr>
<?
// Check if delete button active, start this 
if($delete){
for($i=0;$i<$count;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM $tbl_name WHERE id='$del_id'";
$result = mysql_query($sql);
}

// if successful redirect to delete_multiple.php 
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
}
}
mysql_close();
?>

Any idea why and how I can fix it?

PartDigital

are you building a form of some kind? If so, you don't have any form tags. You must also set the method how you are going to manipulate the information. The most common is "POST"

<form method = "POST">

<!-- your form elements -->

<input type = "submit" name = "delete" value = "Delete" />

</form>

after you build your form you validate the $_POST vars. So for the delete button you would do.

if($_POST['delete'])
{
//your code here

}

bradgrafelman

In other words, your script depended upon the register_globals directive which has long since been deprecated due to security exploits.

I would also recommend changing the short tags '<?' in your script to the full '<?php' tags as the former has also long since been deprecated.

EDIT: Since we're talking so much about security exploits... You should never place user-supplied data directly into a SQL query. Instead, sanitize it with a function such as [man]mysql_real_escape_string/man else you're leaving yourself vulnerable to SQL injection attacks.

Also, if $POST['delete'] doesn't exist, code such as if($POST['delete']) will generate errors. Instead, use [man]isset/man or [man]empty/man to check if the variable isn't set/is empty.