Keep getting php notice error when opening up php document

I have a php form but everytime I open up the php document it is on, I keep getting these php notice errors:

Notice: Undefined index: sessionid in /web/st开发者_C百科ud/u0867587/MOBILEPHP/exam_interface.php on line 37

Notice: Undefined index: moduleid in /web/stud/u0867587/MOBILEPHP/exam_interface.php on line 38

Notice: Undefined index: teacherid in /web/stud/u0867587/MOBILEPHP/exam_interface.php on line 39

Notice: Undefined index: studentid in /web/stud/u0867587/MOBILEPHP/exam_interface.php on line 40

Notice: Undefined index: grade in /web/stud/u0867587/MOBILEPHP/exam_interface.php on line 41

When I click on the submit button the notices go away but what do I need to do so that when I open up the php document, there are no notice errors on undefined index?

Below is the coding:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Exam Interface</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>

<form action="exam_interface.php" method="post" name="sessionform">        <!-- This will post the form to its own page"-->
<p>Session ID: <input type="text" name="sessionid" /></p>      <!-- Enter Session Id here-->
<p>Module Number: <input type="text" name="moduleid" /></p>      <!-- Enter Module Id here-->
<p>Teacher Username: <input type="text" name="teacherid" /></p>      <!-- Enter Teacher here-->
<p>Student Username: <input type="text" name="studentid" /></p>      <!-- Enter User Id here-->
<p>Grade: <input type="text" name="grade" /></p>      <!-- Enter Grade here-->
<p>Order Results By: <select name="order">
<option name="noorder">Don't Order Results</option>
<option name="ordersessionid">Session ID</option>
<option name="ordermoduleid">Module Number</option>
<option name="orderteacherid">Teacher Username</option>
<option name="orderstudentid">Student Username</option>
<option name="ordergrade">Grade</option>
</select>
<p><input type="submit" value="Submit" /></p>
</form>

<?php

$username="u0867587";
$password="xxxxxxx";
$database="mobile_app";

mysql_connect('localhost',$username,$password);

@mysql_select_db($database) or die("Unable to select database");

$sessionid = $_POST['sessionid'];
$moduleid = $_POST['moduleid'];
$teacherid = $_POST['teacherid'];
$studentid = $_POST['studentid'];
$grade = $_POST['grade'];

$result = mysql_query("SELECT * FROM Module m INNER JOIN Session s ON m.ModuleId = s.ModuleId JOIN Grade_Report gr ON s.SessionId = gr.SessionId JOIN Student st ON gr.StudentId = st.StudentId WHERE ('$sessionid' = '' OR gr.SessionId = '$sessionid') AND ('$moduleid' = '' OR m.ModuleId = '$moduleid') AND ('$teacherid' = '' OR s.TeacherId = '$teacherid') AND ('$studentid' = '' OR gr.StudentId = '$studentid') AND ('$grade' = '' OR gr.Grade = '$grade')");

$num=mysql_numrows($result);    

echo "<table border='1'>
<tr>
<th>Student Id</th>
<th>Forename</th>
<th>Session Id</th>
<th>Grade</th>
<th>Mark</th>
<th>Module</th>
<th>Teacher</th>
</tr>";

while ($row = mysql_fetch_array($result)){

 echo "<tr>";
  echo "<td>" . $row['StudentId'] . "</td>";
  echo "<td>" . $row['Forename'] . "</td>";
  echo "<td>" . $row['SessionId'] . "</td>";
  echo "<td>" . $row['Grade'] . "</td>";
  echo "<td>" . $row['Mark'] . "</td>";
  echo "<td>" . $row['ModuleName'] . "</td>";
  echo "<td>" . $row['TeacherId'] . "</td>";
  echo "</tr>";
}

echo "</table>";

mysql_close();


 ?>

</body>
</html>

---

That is because the form hasn't posted yet, and these values are empty. Replace with something like:

$sessionid = isset($_POST['sessionid']) ? $_POST['sessionid'] : "";
$moduleid = isset($_POST['moduleid']) ? $_POST['moduleid'] : "";
$teacherid = isset($_POST['teacherid']) ? $_POST['teacherid'] : "";
$studentid = isset($_POST['studentid']) ? $_POST['studentid'] : "";
$grade = isset($_POST['grade']) ? $_POST['grade'] : NULL;

And these must be sanitized before used in a database query, to protect your application from SQL injection attacks.

$sessionid = mysql_real_escape_string($sessionid);
$moduleid = mysql_real_escape_string($moduleid);
$teacherid = mysql_real_escape_string($teacherid);
$studentid = mysql_real_escape_string($studentid);
$grade = mysql_real_escape_string($grade);

It is highly advisable to remove the @ from your database calls, as it hides error messages that may result from those calls. Instead, use ini_set("display_errors", 0); to avoid errors showing onscreen in your production code.

// Remove the @
@mysql_select_db(...)

---

Replace these lines:

$sessionid = $_POST['sessionid'];
$moduleid = $_POST['moduleid'];
$teacherid = $_POST['teacherid'];
$studentid = $_POST['studentid'];
$grade = $_POST['grade'];

with:

$sessionid = isset($_POST['sessionid']) ? $_POST['sessionid'] : '';
$moduleid = isset($_POST['moduleid']) ? $_POST['moduleid'] : '';
$teacherid = isset($_POST['teacherid']) ? $_POST['teacherid'] : '';
$studentid = isset($_POST['studentid']) ? $_POST['studentid'] : '';
$grade = isset($_POST['grade']) ? $_POST['grade'] : '';

Also, I recommend you remove the password from your source code pasted here!

---

The first time you open up your php file, you already assign $_POST values to variables. However, these are not set yet at the moment. Try an if(isset($_POST['name'])) before the assignments to prevent this.

---

you need to give the :

$sessionid 
$moduleid 
$teacherid 
$studentid
$grade

variables a default value like this :

$sessionid = 0;
$moduleid = 0;
$teacherid = 0;
$studentid = 0;
$grade = 0;

then use them to get the $_POST array values like this :

$sessionid = $_POST['sessionid'];
$moduleid = $_POST['moduleid'];
$teacherid = $_POST['teacherid'];
$studentid = $_POST['studentid'];
$grade = $_POST['grade'];

so the final code will be :

$sessionid = 0;
$moduleid = 0;
$teacherid = 0;
$studentid = 0;
$grade = 0;
$sessionid = $_POST['sessionid'];
$moduleid = $_POST['moduleid'];
$teacherid = $_POST['teacherid'];
$studentid = $_POST['studentid'];
$grade = $_POST['grade'];

---

That's because you're assigning the variables even when they are not set.

Use isset(); or empty(); for the $_POST[] variables

if isset($_POST['variable']){
    $variable  = $_POST['variable'];
}

Don't just leave it open.

---

The first time you open the page the code will try to look for the data that it expects was posted but since you didnt submit the form yet, it isnt there. You need to check to see if the $_POST['sessionid']; etc etc is posted THEN assign he values to the variables.

---

I recommend using only one verification at the beginning.

if (!empty($_POST)) {
    // Get variables from $_POST
}