Well first of all you should always make sure you clean up data before you insert it into an SQL query. Your code is vulnerable at the moment. The easiest way is to use mysql_real_escape_string
. Another way would be to send id’s of colors that you have defined already. That way you can be 100% sure that the values you are inserting into your SQL query will be “safe”.
The error is occurring because the parameter color
is not being sent to the server.
You could validate the data before you send it (with Javascript for example), and also validate it on the server. You can use the isset()
function to test if a parameter exists. So in your case –
if (!isset($_POST['color'])){
// return an error here! The color paramter was not sent!
}
References –
6
solved How do I get rid of “Notice: Undefined index” in PHP? [closed]