Undefined index: submit but its working fine tried isset but fail

Question

I got this error can anyone help me?

Notice: Undefined index: submit in
D:\xampp\htdocs\testsubject\cntcinfo.php on line 7

This is my code:

if($_POST['submit']=='Update')
{
mysqli_query($link,"    UPDATE usr_profile
                    SET phone='".$_POST['phone']."',
                        email='".$_POST['emails']."',
                        address='".$_POST['address']."',
                        postcode='".$_POST['postcode']."',
                        city='".$_POST['city']."';  
                    ");
header('Location: '.$_SERVER['HTTP_REFERER']);
exit;
}

I tired to use isset but I got this error instead:

Fatal error: Cannot use isset() on the result of an expression (you
can use "null !== expression" instead) in
D:\xampp\htdocs\testsubject\cntcinfo.php on line 7

this is my isset

if(isset($_POST['submit']=='Update'))

Answer 1

If you want to check whether the POST value is set, you will need to use this code:

if(isset($_POST['submit'])) { 
    if($_POST['submit'] == 'Update') {
        //Do work here
    }
}

(or to shorten it):

if(isset($_POST['submit']) && ($_POST['submit'] == 'Update')) {
    //Do work here
}

When you call $_POST['submit']=='Update' inside the isset() function, you are asking it to check whether the result of an expression is set (which it can't process). So you would need to nest it like i've shown above.

If you're finding that you're getting an undefined index, make sure that the form you're posting from has submit set as one of its form elements.

Answer 2

isset is not use for comparison . You can use it as

if(isset($_POST['submit']) && $_POST['submit']=='Update')
{

}

Ans make sure you submit type as

<input type="submit" name="submit" value="Update"/>

Your query is open for sql injection you can use before update

 $phone=mysqli_real_escape_string ( $link , $_POST['phone'] );

Check How can I prevent SQL injection in PHP?

Answer 3

use this

if(isset($_POST['submit']) && $_POST['submit']=='Update')) {
// Your code here
}

Answer 4

Not all browsers send a value for submit buttons, if the form can also be used for adding a user, consider using a checkbox for flagging if it's an update to a user's profile.

You're a sitting duck for SQL Injection attack with that code, you should be using prepared statements which eliminate the risk of SQL Injection attack, you should also be checking to see if MySQL ever returns any errors for the query.

All user submitted data needs to be validated no matter how well you know/trust your users.