Lots of "Undefined variable: action in xx" in this program

a1strank

The program used to work fine on an older machine (I did not make this, just trying to back it up to a new machine) and when I moved everything it is starting to get a list of Undefined variable: action in error codes. What can I do to solve this program? Thanks for the help I have no knowledge in PHP whatsoever so please bear with me..I have this installed in IIS, PHP4 (if I use php5 it refuses to work, the program was written back in 2003 by some guy..) and MYSQL 4 I think.. My thinking ATM is that I don't have MYSQL setup correctly..but I don't know.

Program #2 - I tried setting this up with an older version of WAMP - replaced mySQL folder with this older version and the program worked - no error codes but I cannot add or find entries..the program is suppose to save the data and be able to pull it out later for records.. again Thanks for the help..here are some screenshots..

http://img269.imageshack.us/img269/9550/gilsl1.jpg

http://img2.imageshack.us/img2/3759/gills2.jpg

As you can see the screenshots above..the program is not suppose to have those black, red, and green error codes..it works fine when I tried with an old version of WAMP but I cannot save/open the database

johanafm

I've never used PHP4, so I may be way off, but I'd start by checking php.ini for register globals. I'm assuming the program was written to use it (and you shouldn't), so if you do not know how to code that would be an easy, albeit dirty, fix.

The_Chancer

You can suppress them by putting an @ in front of the variable names concerned. This is normally bacause the variable names are not instanciated (if thats the right word), or they are called when they have no value (or are destroyed). Setting them to a $var = ""; will also resolve this within the code.

You can also change the error reporting level to stop these...

a1strank

Thx I will try to do that..i tried to edit my original post but i couldn't.

anyway I was trying to say PROBLEM #2 not program 2

NogDog

The "undefined constant" errors are probably due to not quoting the array key. See Why is $foo[bar] wrong?.

The others are often due to trying to assign a POST or GET variable that was not actually received (or some other variable that may or may not be defined):

$name = $_POST['name'];

This can be avoided without error-suppression (and thus making the code more robust) by checking if the variable is defined before assigning it.

if(isset($_POST['name']))
{
   $name = $_POST['name'];
}
else
{
   $name = 'default value';
}

A more compact form of that uses the "ternary" operator:

$name = (isset($_POST['name'])) ? $_POST['name'] : 'default value';

a1strank

johanafm;10927239 wrote:
I've never used PHP4, so I may be way off, but I'd start by checking php.ini for register globals. I'm assuming the program was written to use it (and you shouldn't), so if you do not know how to code that would be an easy, albeit dirty, fix.

checked the php.ini under Windows folder and I see..

register_globals = Off

I still have no clue how to fix this problem..here are some codes in the customer.php

<?
include("common.php");
include("layout.php");

// clear company page session
$_SESSION[currcompanyid] = "";
$_SESSION[sqlwhere2] = "";

if ($db = @mysql_connect($dbhostname,$dbusername,$dbpassword)) {
	mysql_select_db("$dbName") or die("Unable to select database\n");
}

$errmsg = ""; $error = "";

if (mysql_error() != "") {
	$sqlerr = mysql_error();
	$error = "There is a problem with your database, please contact wenchang for help<br>$sqlerr"; 
} else {

$submit = trim($submit);

if ($submit != "") $action = "";

if ($action != "") {
	$area=$z;$phone1 = $a;$phone2=$b;$mon=$c;$day=$d;$year=$e;$ticket=$f;$quantity=$g;$price=$h;

}


/************** delete all found records ****************/
if ($action == "DeleteAll") {
	if ($_SESSION[custsqlwhere] != "") {
		mysql_query("DELETE FROM custrecord $_SESSION[custsqlwhere]",$db);

		if (mysql_error() != "") {
			$sqlerr = mysql_error();
			$error = "There is a problem with your database, please contact wenchang for help<br>$sqlerr"; 
		} else {
			$errmsg = "Records displayed have been deleted!";
		}
	} else {
		$errmsg = "No records to delete!";
	}
}

if ($submit == "" && $action == "") {
	// initialize variables
	$mon = date('m');
	$day = date('d');
	$year = date('Y');
}

/*************** clear and reset the screen ***************/		
if ($submit == "Clear") {
	$area == "000";$phone1 = "";$phone2 = "";$mon = "";$day = "";$year = "";$ticket = "";$quantity = "";$price = "";
	$_SESSION[custsqlwhere] = "";
	header("Location: $httploc/customer.php?action=clear");
	exit;
}

/*************** delete by date range ***************/
if ($submit == "Delete") {
	$delmon = trim($delmon);$delday = trim($delday);$delyear = trim($delyear);
	$delmon2 = trim($delmon2);$delday2 = trim($delday2);$delyear2 = trim($delyear2);
	if ($delmon == "" || !is_numeric($delmon)) $errmsg2 = "Start Month is not valid.";
	if ($delday == "" || !is_numeric($delday)) $errmsg2 = "Start Day is not valid.";
	if ($delyear == "" || !is_numeric($delyear)) $errmsg2 = "Start Year is not valid.";
	if ($delmon2 == "" || !is_numeric($delmon2)) $errmsg2 = "End Month is not valid.";
	if ($delday2 == "" || !is_numeric($delday2)) $errmsg2 = "End Day is not valid.";
	if ($delyear2 == "" || !is_numeric($delyear2)) $errmsg2 = "End Year is not valid.";
	if ($errmsg2 == "") {
		$start = strtotime("$delyear-$delmon-$delday");
		$start = date('Y-m-d',$start);
		$end = strtotime("$delyear2-$delmon2-$delday2");
		$end = date('Y-m-d',$end);
		$sql = "DELETE FROM custrecord where date_in >= '$start' and date_in <= '$end'";
		mysql_query($sql,$db);
		if (mysql_error() != "") {
			$sqlerr = mysql_error();
			$error = "There is a problem with your database, please contact wenchang for help<br>$sqlerr"; 
		} else {
			$errmsg2 = "Records between date range $start and $end has been deleted";
		}
	}
}

/************ add new records ***********/	
if ($submit == "Add New") {
	$sqlwhere = "";
	$phone1 = trim($phone1);
	$phone2 = trim($phone2);
	if ($phone1 == "" || strlen($phone1) != 3) $errmsg = "Please enter a valid phone number.";
	if ($phone2 == "" || strlen($phone2) != 4) $errmsg = "Please enter a valid phone number.";

	if ($area == "000") $phone = "$phone1-$phone2";
	else $phone = "$area-$phone1-$phone2";

	$mon = trim($mon);
	$day = trim($day);
	$year = trim($year);
	if ($mon == "" || !is_numeric($mon)) $errmsg = "Month is not valid.";
	if ($day == "" || !is_numeric($day)) $errmsg = "Day is not valid.";
	if ($year == "" || !is_numeric($year)) $errmsg = "Year is not valid.";
	if ($errmsg == "") {
		$thedate = strtotime("$year-$mon-$day");
		$thedate = date('Y-m-d',$thedate);
	}

	$ticket = trim($ticket);
	$quantity = trim($quantity);
	$price = trim($price);		
	if ($ticket == "") $errmsg = "Ticket Number is not valid.";
	if ($quantity == "" || !is_numeric($quantity)) $errmsg = "Quantity is not valid.";
	if ($price == "" || !is_numeric($price)) $errmsg = "Please enter a valid price.";

	if ($errmsg == "") {
		// insert into database
		$sql = "INSERT INTO custrecord (phone,date_in,ticketnum,quantity,price) VALUES ";
		$sql .= "('$phone','$thedate','$ticket',$quantity,'$price')";
		mysql_query($sql,$db);
		if (mysql_error() != "") {
			$sqlerr = mysql_error();
			$error = "There is a problem with your database, please contact wenchang for help<br>$sqlerr"; 
		} else {
			$lastid = mysql_insert_id();
			$sqlwhere = "where ID=$lastid";
			$result = mysql_query("select * from custrecord $sqlwhere",$db);
			$_SESSION[custsqlwhere] = $sqlwhere;
			$rows = mysql_num_rows($result);
			$errmsg = "Insert New Record Successful!";
			// clear
			$area = "000";$phone1 = "";$phone2 = "";$mon = date('m');$day = date('d');$year = date('Y');$ticket = "";$quantity = "";$price = "";
			$_SESSION[custsqlwhere] = "";
		}
	}
}

/************ find records ************/
if ($submit == "Find" || $action == "Find") {
	$sqlwhere = "";
	$phone1 = trim($phone1);
	$phone2 = trim($phone2);
	$mon = trim($mon);
	$day = trim($day);
	$year = trim($year);
	$ticket = trim($ticket);
	$quantity = trim($quantity);
	$price = trim($price);

	if ($area != "000") $phone = "$area%-";
	else $phone = "%";

	if ($phone1 != "") $phone .= "$phone1%-";
	else $phone .= "%";

	if ($phone2 != "") $phone .= "$phone2%";
	else $phone .= "%";

	if ($phone != "%%%") $sqlwhere = "phone like '$phone'";


	if ($mon != "" && $day != "" && year != "") {
		$thedate = strtotime("$year-$mon-$day");
		$thedate = date('Y-m-d',$thedate);
		if ($sqlwhere != "") $sqlwhere .= " AND ";
		$sqlwhere .= "date_in = '$thedate'";
	}
	if ($ticket != "") {
		if ($sqlwhere != "") $sqlwhere .= " AND ";
		$sqlwhere .= "ticketnum = '$ticket'";
	}
	if ($quantity != "") {
		if ($sqlwhere != "") $sqlwhere .= " AND ";
		$sqlwhere .= "quantity = $quantity";
	}
	if ($price != "") {
		if ($sqlwhere != "") $sqlwhere .= " AND ";
		$sqlwhere .= "price = '$price'";
	}
	if ($sqlwhere != "") $sqlwhere = "WHERE ".$sqlwhere;

	$sql = "SELECT * FROM custrecord $sqlwhere order by date_in";

	$result = mysql_query($sql,$db);
	if (mysql_error() != "") {
		$sqlerr = mysql_error();
		$error = "There is a problem with your database, please contact ..

This is the everything.. just copied and pasted about half of it

bradgrafelman

a1strank wrote:
I still have no clue how to fix this problem

Try reading NogDog's post above again, then. For more information, see this manual page: [man]variables.external[/man].

Also, when posting PHP code, please use the board's [noparse]

[/noparse] bbcode tags as they make your code much easier to read and analyze.

EDIT: Saw a [noparse]

 tag but no matching

, so I added it to your post.[/noparse]

EDIT2: Also note that your code is vulnerable to SQL injection attacks. User-supplied data should never be placed directly into SQL queries. Instead, you must first sanitize it with a function such as [man]mysql_real_escape_string/man.