
access to $_POST

Developer https://www.devze.com 2023-03-10 05:26 Source: Internet
<?php
session_start();
if(isset($_SESSION['s1']))
{
$uname=$_SESSION['s2'];
echo "<b><i>hello ".$_SESSION['s1'];
echo "</i></b>";

}
else{
$name="none";
}
?>
<html>
<head>
<title>Doctor</title>
<form method="post">
<?php

$connection=Mysql_connect('localhost','admin','123');
Mysql_select_db('db',$connection);
// if the patient list was requested

if(array_key_exists('sub3',$_POST))
{                      

                if(!$connection)
                {
                        echo 'connection is invalid';
                }
                else
                {

                        $query="select * from pnt";
                        $result=mysql_query($query);
                        $num=Mysql_num_rows($result);
                        $num1=Mysql_num_fields($result);

                if($num>0)
                {
                echo "<table border=0>";
                echo"<tr>";
                echo"<td>ID</td><td>Name</td><td>Family</td><td>File</td>";
                echo"</tr>";
                for($i=0;$i<$num;$i++)
                {
                $row=mysql_fetch_row($result);

                for($j=0;$j<$num1;$j++)
                {
                echo"<td>$row[$j]</td>";       
                }
                echo"<td><input type='submit' name='sub6' value='$row[0]'/></td>
                <td><img src='file.jpg' width='50' height='50' /></td>";
                echo"</tr>";
                }//for

                echo"</table>";
                }//if

                }//else

exit();
}
// if a patient was clicked and the clinical file was requested
if(array_key_exists('sub6',$_POST))
{

$query1="select * from patient where id=".$_POST['sub6'];
$result1=mysql_query($query1);

$num2=Mysql_num_rows($result1);
$num3=Mysql_num_fields($result1);
                if($num2>0)
                {
                echo "<table border=2>";
                for($i=0;$i<$num2;$i++)
                {
                $row=mysql_fetch_row($result1);


                echo"<td>id</td><td>name</td><td>Lastname</td><td>Info</td><td>Sympthoms</td><td>Diagnosis</td>";
                echo "<tr>";
                for($j=0;$j<$num3;$j++)
                {
                echo"<td>$row[$j]</td>";       
                }
                echo"</tr>";
                }//for
                echo"</table>";
                }//if
                        $query2="select * from pharmacies";
                        $result2=mysql_query($query2);
                        $nump=Mysql_num_rows($result2);

echo "Please Select a Pharmacy:<select ID=2 name='ph'>";
echo"<option >select please";
for($i=0;$i<$nump;$i++)
{
$row=mysql_fetch_row($result2);
echo"<option value=$row[1]>$row[1]";
echo"</option>";
}
echo"</SELECT>";       
$query2="select * from pharmacy";
$result2=mysql_query($query2);
$nump=Mysql_num_rows($result2);

echo "Please Select Drug:<select ID=1 name='dg'>";
echo"<option >select please";
for($i=0;$i<$nump;$i++)
{
$row=mysql_fetch_row($result2);
echo"<option  >$row[0]";
echo"</option>";
}
echo"</SELECT>";       
echo"<input type='submit' name='insert' value='insert this drug'/>";
echo"<b>Quantity:<input type='text' name='txt1'/>";
exit();
}//if
if(array_key_exists('insert',$_POST))
{
$qname="select * from pnt where id=".$_POST['sub6'];
$resname=mysql_query($qname);
$rown=mysql_fetch_row($resname);
$na=$rown[1];
$ins="insert into request(drug,qty,ph,situation,Doctor,userp)values('".$_POST['dg']."',".$_POST['txt1'].",'".$_POST['ph']."','underprocess','$uname','$na')";
echo $ins;
$rlt=mysql_query($ins);
if (!$rlt)
{
print(mysql_errno() .":". mysql_error());
}
}

if(array_key_exists('insert',$_POST))
{
$in="select * from request";
$rslt=mysql_query($in);
if (!$rslt)
{
print(mysql_errno() .":". mysql_error());
}

$num2=Mysql_num_rows($rslt);
$num3=Mysql_num_fields($rslt);
                if($num2>0)
                {
                echo "<table border=2>";
                echo"<td>id</td><td>drug</td><td>quantity</td><td>Doctor</td><td>explanation</td><td>pharmacy</td>";
                for($i=0;$i<$num2;$i++)
                {
                $row=mysql_fetch_row($rslt);

                echo "<tr>";
                for($j=0;$j<$num3;$j++)
                {
                echo"<td>$row[$j]</td>";       
                }
                echo"</tr>";
                }//for
                echo"</table>";
                }//if
}
if(array_key_exists('sub4',$_POST))
{
header("location:login.php");
}
?>
<input type="submit" name="sub3" value="patient list"/>
<input type="submit" name="sub4" value="sign out"/>
<img src="Doc.jpg" />
</form>
</head>
</html>


$_POST is a global, or rather 'super global'. It should be accessible anywhere in your script, including inside conditional statements, functions and classes.

Are you SURE $_POST['sub6'] is set?

On an unrelated side note, please don't ever do this:

$qname="select * from pnt where id=".$_POST['sub6'];

Assigning values from $_POST without filtering them for proper values is one of the most common vulnerabilities in PHP scripting.


You enter this condition only when "insert" is a key in POST. Then you try to make a query using "sub6", which may not be set. You simply have to test that "sub6" exists before using it in a query (like the rest of the keys of $_POST).
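
The two points raised in the answers (test that "sub6" exists before using it, and never concatenate $_POST values into a query), shown together as an added example that is not part of the original question or answers. Assumptions: the helper name insert_request is hypothetical, the sample rows are constructed, pnt is reduced to two columns, and an in-memory SQLite database through PDO stands in for the page's MySQL connection so the script runs offline.

```php
<?php
declare(strict_types=1);
// Constructed schema using the page's table names; in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pnt (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("CREATE TABLE request (drug TEXT, qty INTEGER, ph TEXT,
                                 situation TEXT, Doctor TEXT, userp TEXT)");
$db->exec("INSERT INTO pnt (id, name) VALUES (7, 'Sample Patient')");

// Hypothetical helper: returns a list of errors; an empty list means the row was stored.
function insert_request(PDO $db, array $post, string $doctor): array
{
    $errors = [];
    // 1. Every key this branch reads must be present in the request.
    foreach (['sub6', 'dg', 'ph', 'txt1'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key]) || $post[$key] === '') {
            $errors[] = "missing field: $key";
        }
    }
    if ($errors) {
        return $errors;
    }
    // 2. Numeric fields must parse as positive integers.
    $opts = ['options' => ['min_range' => 1]];
    $id   = filter_var($post['sub6'], FILTER_VALIDATE_INT, $opts);
    $qty  = filter_var($post['txt1'], FILTER_VALIDATE_INT, $opts);
    if ($id === false || $qty === false) {
        return ['sub6 and txt1 must be positive integers'];
    }
    // 3. Values reach SQL only as bound parameters, never by concatenation.
    $sel = $db->prepare('SELECT name FROM pnt WHERE id = ?');
    $sel->execute([$id]);
    $name = $sel->fetchColumn();
    if ($name === false) {
        return ['unknown patient id'];
    }
    $ins = $db->prepare("INSERT INTO request (drug, qty, ph, situation, Doctor, userp)
                         VALUES (?, ?, ?, 'underprocess', ?, ?)");
    $ins->execute([$post['dg'], $qty, $post['ph'], $doctor, $name]);
    return [];
}

// Constructed requests: sub6 missing (the case in the question), a non-integer id, a valid one.
$base = ['insert' => 'insert this drug', 'dg' => 'aspirin', 'ph' => 'Central', 'txt1' => '2'];
print_r(insert_request($db, $base, 'dr1'));
print_r(insert_request($db, $base + ['sub6' => '7 OR 1=1'], 'dr1'));
print_r(insert_request($db, $base + ['sub6' => '7'], 'dr1'));
echo $db->query('SELECT COUNT(*) FROM request')->fetchColumn(), " row stored\n";
```

In the question's form, sub6 is the name of a submit button, so the browser sends it only on the request where that button was clicked; the later "insert" request has to carry the patient id some other way for the first check to pass.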
