-1

I want to create sql table dynamically I know that the syntax to create a new table is

CREATE TABLE MyTab (mycolumn VARCHAR(30))

but i want to decide the name and the column name of the table with a user input. i tried to do this

PHP: 
<?php
$newTab=$_POST['user_input'];
$myCol=$_POST['user_column'];
$conn = new mysqli(my server,username,password,db);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql="CREATE TABLE $newTab ($myCol VARCHAR(30))";
?>

HTML:
<!doctype html>
<head>
</head>
<body>
<form name="user" action="my.php" Method="POST">
<button onCLick="user_f();" type="button">Submit</button> 
<input type="hidden" name="user_input"></input>
<input type="hidden" name="user_column"></input>
</form>
</body>
</html>

it's a really simple html page,i simply want only to test what i want to do.

JS:
user_f(){
var x=prompt('tell me...');
var y=prompt('say to me...');
document.user.user_input.value=x;
document.user.user_column.value=y;document.user.submit();}

the error that return is this "Notice:Undefined index:newTab" in which way I can solve this? Thanks I try to explain what i want to do. I want to create a Table with SQL. But for create table i must use this syntax

CREATE TABLE myTab (first VARCHAR(30),second VARCHAR(30));

But to assing the name of the table i must assign it in my file. I want that this name is established by the user and not from me.To do this i used the input (this input are in the form,they are in the hidden input) and when i submit this value in the input,with $_POST i catch it and i want to put this value in the name of the table. Something like this

 JS x=prompt("select the name of the table");
 SQL CREATE TABLE x (first VARCHAR(30),second VARCHAR(30));

the error still persist... Hope you can stand me.I speak english very bad sorry for all.

Giovanni Giordano
  • 37
  • 1
  • 7
  • possible duplicate of [undefined error in code](http://stackoverflow.com/questions/14496785/undefined-error-in-code) – david strachan Jan 10 '15 at 15:02
  • Are you sure $newTab is definitely populated? try `var_dump($newTab);` on the line before you execute the query. – Maltronic Jan 10 '15 at 15:05
  • This is a common error when learning php. Get a good book. – Ankit Jan 10 '15 at 15:32
  • 2
    In general, you shouldn't dynamically create tables. Use a single table and make what you current plan to be the table name the value of one of the columns (which should probably be a foreign key on another table) – Quentin Jan 10 '15 at 15:34
  • thanks for comment.No,it don't solve the problem. – Giovanni Giordano Jan 10 '15 at 17:26

2 Answers2

2

There are a few things wrong with your code.

First, there is this block:

$newTab=$_POST['user_input'];
$myCol=$_POST['user_column']
$sql="CREATE TABLE $newTab ($myCol VARCHAR(30));"

If the above is your actual code (I take posted code literally), you're missing a semi-colon at the end of the second line, and the quote in the third should be before the semi-colon.

$newTab=$_POST['user_input'];
$myCol=$_POST['user_column'];
$sql="CREATE TABLE $newTab ($myCol VARCHAR(30))";

However, if your entry/entries contains anything that SQL will complain about, such as a space or a hyphen, use ticks around the variables:

$newTab=$_POST['user_input'];
$myCol=$_POST['user_column'];
$sql="CREATE TABLE `$newTab` (`$myCol` VARCHAR(30))";

This is assuming that you've already established a DB connection and depending on the MySQL API you are using, need to query the DB.

An example would be:

$sql=mysqli_query($con,"CREATE TABLE `$newTab` (`$myCol` VARCHAR(30))");

Sidenote: Add or die(mysqli_error($con)) to mysqli_query() in case of error(s).

Then you have the word "function" missing in your JS; again, if that is actual code:

function user_f(){
var x=prompt('tell me...');
var y=prompt('say to me...');
document.user.user_input.value=x;
document.user.user_column.value=y;document.user.submit();
}

Full HTML/form code would be:

<!doctype html>

<head>
</head>

<body>
<script>

function user_f(){
var x=prompt('tell me...');
var y=prompt('say to me...');
document.user.user_input.value=x;
document.user.user_column.value=y;document.user.submit();
}

</script>

<form name="user" action="my.php" Method="POST">
<button onCLick="user_f();" type="button">Submit</button>
<input type="hidden" name="user_input">
<input type="hidden" name="user_column">
</form>

</body>
</html>
  • In testing this, and entering the words "one" and "two" in the prompts, did in fact echo those words after submission with no Undefined index notices.

However, it is best to use isset() in any case. empty() is another which you can use to test if left empty.

It's unclear whether you're using the entire code inside the same page or in two seperate files.

Nota:

If you're using it all inside the same file, then do as Newbie states in their answer. That will explain the Undefined index notices.

As Halfer pointed out in comments, you would leave yourself open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

There is a good article here on Stack on the subject:

Edit:

The following worked perfectly for me, using "table_a_test" for the table name, and "column_a_test" for the column name.

Replace the DB credentials with your own.

Use two different files. One for your HTML form, and the other for the table creation code.

This one being your "my.php" file:

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

$DB_HOST = 'xxx';
$DB_USER = 'xxx';
$DB_PASS = 'xxx';
$DB_NAME = 'xxx';

$db = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($db->connect_errno > 0) {
  die('Connection failed [' . $db->connect_error . ']');
}

if(isset($_POST['user_input']) && isset($_POST['user_column'])){
  $newTab = $_POST['user_input'];
  $myCol = $_POST['user_column'];

$sql = "CREATE TABLE `$newTab` (`$myCol` VARCHAR(30))";


if(!$result = $db->query($sql)) {
    die('There was an error running the query [' . $db->error . ']');
}

else {

    echo "Successful query.";

}

}

/*
echo $newTab;
echo "<br>";
echo $myCol;
*/

?>

Nota:

  • You will need to make sure that the table doesn't already exist, otherwise SQL will throw an error, as such which it will when using $db->error which is included in the above.

Edit: (as per didierc's comment, thank you)

The back tick key might not be located at the same spot on an Italian keymap.

Community
  • 1
  • 1
Funk Forty Niner
  • 73,764
  • 15
  • 63
  • 131
  • And, er, SQL injection. `:--)` – halfer Jan 10 '15 at 15:53
  • 1
    @halfer Yes indeed, good point. I will make an additional note about that. Uno momento ;-) – Funk Forty Niner Jan 10 '15 at 15:54
  • 1
    @halfer Thanks for the edit. I get my wires crossed sometimes lol – Funk Forty Niner Jan 10 '15 at 16:00
  • Ops,you are right.I'm very sorry.I wrong to copy the code.Thank you so much for answer.When i write it i do it very fast and i don't verify if it is correct what i write.But in my code is all right.First at second line i put the semicolon.Second i established a connection with the server and it work.I'm a newbie in SQL.the php and the html are in separeted File.Really sorry for all the error.Thanks a lot.Anyway my problem still remains.Mh what i can do?I suppose that the php variable are not supported into SQL line code... – Giovanni Giordano Jan 10 '15 at 16:41
  • @GiovanniGiordano No problema Giovanni. That should work, I can't see the problem as to why it would fail. Upon testing, it did in fact echo out the words I used in the form. Can you edit your question with the new code, but please mark it as an **edit** underneath your original question/code, as to not overwrite your original. Plus, show us exactly how it is being used. – Funk Forty Niner Jan 10 '15 at 16:44
  • @GiovanniGiordano Reload my answer and look near the end under **EDIT**. This worked perfectly well for me. – Funk Forty Niner Jan 10 '15 at 17:09
  • Ehi what type of char is this -`- ?I can't do it with my keyboard can you tell me how do i it?please – Giovanni Giordano Jan 10 '15 at 17:30
  • The problem is not the echo of the value,but sql not know how to do here SQL: CREATE TABLE $newTab ($myCol VARCHAR(30)); It don't work exactly here. – Giovanni Giordano Jan 10 '15 at 17:43
  • @GiovanniGiordano Just copy/paste my exact code into a new file. The tick `\`` is the character over to the left of the number 1. Or, if your table and column do not contain spaces or hyphens `-` then do a test with "table_test_1" with underscores between words and "column_test_1" for the column name. You can remove the ticks if your table/column are in one word. Again, I tested this and got no problems. Did you also copy/paste the HTML form where it says "Full HTML/form code would be:"? – Funk Forty Niner Jan 10 '15 at 17:46
  • 1
    The back tick key might not be located at the same spot on an Italian keymap. See http://superuser.com/questions/667622/italian-keyboard-entering-the-tilde-and-backtick-characters-without-cha – didierc Jan 10 '15 at 19:23
  • @didierc Thanks for the link. I've made an edit to that effect. – Funk Forty Niner Jan 10 '15 at 19:26
  • Now it work,sorry for all the disturb.The mistake that i do is the name of the input was different from the $_POST value – Giovanni Giordano Jan 11 '15 at 14:49
  • @GiovanniGiordano Not a problem at all Giovanni. I'm glad it is working for you now, *cheers* – Funk Forty Niner Jan 11 '15 at 14:50
  • @GiovanniGiordano Si Giovanni, *arrivederci!* – Funk Forty Niner Jan 11 '15 at 19:16
1

Your code does not check whether the form is submitted before reading values of the global.

1) Give a name to submit button

<button onCLick="user_f();" name="submit" type="button">Submit</button>

2) Surround your php code with isset() function.

isset($_POST['submit'])
    {
        $newTab=$_POST['user_input'];
        $myCol=$_POST['user_column'];
        // other logic 
    }

More details on isset function here.

Ankit
  • 2,040
  • 3
  • 17
  • 32