Help with my Library Management System

spellforce0

hello Can some one please correct my code i am getting Undefined index errors.


<?php
session_start();
include( 'head.php' );
require( 'dbconnect.php' );
if ( !isset( $_SESSION['Adm'] ) )
  {
    echo "<p align=center>";
    echo "<font color=#FF0000 size=5><strong><big>";
    echo "Login As An Administrator<a href='AdminLogin.php'>Login</a>!";
    echo "</big></strong></font></p>";
    exit( );
  } //!isset( $_SESSION['Adm'] )
?>

<?php
$return  = $_POST["return"];
$user_id = $_POST["user_id"];
$book_id = $_POST["book_id"];
$bookbox = $_POST["bookbox"];
if ( $return )
  {
    for ( $i = 0; $i < count( $bookbox ); $i++ )
      {
        if ( $bookbox[$i] == "" )
          {
            next;
          } //$bookbox[$i] == ""
        else
          {
            $book_id   = $bookbox[$i];
            $returnsql = "delete from lend where book_id='$book_id' and user_id='$user_id'";
            mysql_query( $returnsql, $conn ) or die( "Failed" . mysql_error() );
            $now    = date( "Y-m-d" );
            $logsql = "update lend_log set return_time='$now' where book_id='$book_id' and user_id='$user_id'";
            mysql_query( $logsql, $conn ) or die( "Record Failed" . mysql_error() );
            $booksql = "update book set leave_number=leave_number+1 where id='$book_id'";
            mysql_query( $booksql, $conn ) or die( "Return Failed" . mysql_error() );

			echo "<p align='center'>&nbsp;</p>";
			echo "<p align='center'>&nbsp;</p>";
			echo "<p align='center'><font color='red'>Book Return Sucessful</p>";

      }
  } //$i = 0; $i < count( $bookbox ); $i++
  } //$return

?>

Weedpacket

You check to see whether [font=monospace]$SESSION['Adm'][/font] exists before using it, but you never check that any of the [font=monospace]$POST[/font] variables exist before using them.

Nor you have anything in place to handle the possibility that they might not be defined.

Nor do you have any protection in your code from SQL injection (see the description of the [font=monospace]query[/font] parameter on the [man]mysql_query[/man] page.

Also, PHP's developers discourage the use of the MySQL extension for new development, because it will soon be deprecated and then removed from PHP. See the [man]mysql_query[/man] for the warning about that.