php - 打开php文档时不断收到php通知错误

Question

我有一个 php 表单，但每次打开它所在的 php 文档时，我都会收到这些 php 通知错误:

注意:未定义索引:第 37 行/web/stud/u0867587/MOBILEPHP/exam_interface.php 中的 sessionid

注意:未定义索引:第 38 行/web/stud/u0867587/MOBILEPHP/exam_interface.php 中的 moduleid

注意:未定义索引:/web/stud/u0867587/MOBILEPHP/exam_interface.php 第 39 行的teacherid

注意:未定义索引:studentid位于/web/stud/u0867587/MOBILEPHP/exam_interface.php第40行

注意:未定义索引:第 41 行/web/stud/u0867587/MOBILEPHP/exam_interface.php 中的成绩

当我点击提交按钮时，通知就会消失，但是我需要做什么才能在打开 php 文档时，未定义索引上不会出现通知错误？

下面是编码:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Exam Interface</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>

<form action="exam_interface.php" method="post" name="sessionform">        <!-- This will post the form to its own page"-->
<p>Session ID: <input type="text" name="sessionid" /></p>      <!-- Enter Session Id here-->
<p>Module Number: <input type="text" name="moduleid" /></p>      <!-- Enter Module Id here-->
<p>Teacher Username: <input type="text" name="teacherid" /></p>      <!-- Enter Teacher here-->
<p>Student Username: <input type="text" name="studentid" /></p>      <!-- Enter User Id here-->
<p>Grade: <input type="text" name="grade" /></p>      <!-- Enter Grade here-->
<p>Order Results By: <select name="order">
<option name="noorder">Don't Order Results</option>
<option name="ordersessionid">Session ID</option>
<option name="ordermoduleid">Module Number</option>
<option name="orderteacherid">Teacher Username</option>
<option name="orderstudentid">Student Username</option>
<option name="ordergrade">Grade</option>
</select>
<p><input type="submit" value="Submit" /></p>
</form>

<?php

$username="u0867587";
$password="xxxxxxx";
$database="mobile_app";

mysql_connect('localhost',$username,$password);

@mysql_select_db($database) or die("Unable to select database");

$sessionid = $_POST['sessionid'];
$moduleid = $_POST['moduleid'];
$teacherid = $_POST['teacherid'];
$studentid = $_POST['studentid'];
$grade = $_POST['grade'];

$result = mysql_query("SELECT * FROM Module m INNER JOIN Session s ON m.ModuleId = s.ModuleId JOIN Grade_Report gr ON s.SessionId = gr.SessionId JOIN Student st ON gr.StudentId = st.StudentId WHERE ('$sessionid' = '' OR gr.SessionId = '$sessionid') AND ('$moduleid' = '' OR m.ModuleId = '$moduleid') AND ('$teacherid' = '' OR s.TeacherId = '$teacherid') AND ('$studentid' = '' OR gr.StudentId = '$studentid') AND ('$grade' = '' OR gr.Grade = '$grade')");

$num=mysql_numrows($result);    

echo "<table border='1'>
<tr>
<th>Student Id</th>
<th>Forename</th>
<th>Session Id</th>
<th>Grade</th>
<th>Mark</th>
<th>Module</th>
<th>Teacher</th>
</tr>";

while ($row = mysql_fetch_array($result)){

 echo "<tr>";
  echo "<td>" . $row['StudentId'] . "</td>";
  echo "<td>" . $row['Forename'] . "</td>";
  echo "<td>" . $row['SessionId'] . "</td>";
  echo "<td>" . $row['Grade'] . "</td>";
  echo "<td>" . $row['Mark'] . "</td>";
  echo "<td>" . $row['ModuleName'] . "</td>";
  echo "<td>" . $row['TeacherId'] . "</td>";
  echo "</tr>";
}

echo "</table>";

mysql_close();


 ?>

</body>
</html>

Answer 1

这是因为表单尚未发布，并且这些值为空。替换为如下内容:

$sessionid = isset($_POST['sessionid']) ? $_POST['sessionid'] : "";
$moduleid = isset($_POST['moduleid']) ? $_POST['moduleid'] : "";
$teacherid = isset($_POST['teacherid']) ? $_POST['teacherid'] : "";
$studentid = isset($_POST['studentid']) ? $_POST['studentid'] : "";
$grade = isset($_POST['grade']) ? $_POST['grade'] : NULL;

并且这些必须在用于数据库查询之前进行清理，以保护您的应用程序免受 SQL 注入(inject)攻击。

$sessionid = mysql_real_escape_string($sessionid);
$moduleid = mysql_real_escape_string($moduleid);
$teacherid = mysql_real_escape_string($teacherid);
$studentid = mysql_real_escape_string($studentid);
$grade = mysql_real_escape_string($grade);

强烈建议从数据库调用中删除 @，因为它隐藏了这些调用可能导致的错误消息。相反，请使用 ini_set("display_errors", 0); 来避免生产代码中屏幕上显示错误。

// Remove the @
@mysql_select_db(...)