Error: Undefined index

Asked

Viewed 236 times

-2

I have this code and you give me the following mistake:

Notice: Undefined index: ID in

<?
require('../members/inc/config.php');
require('../lib/framework.php');

// load the configuration file.
$newsid = $_GET['ID'];

$stmt = $db->query("SELECT * FROM news ORDER BY id = '$newsid' ");
while($myrow = $stmt->fetch(PDO::FETCH_ASSOC)) {

               //now print the results:
               echo "<b>Title: ";
               echo $myrow['Title'];
               echo "</b><br>On: <i>";
               echo $myrow['Date'];
               echo $myrow['Embed'];
               echo "</i><hr align=left width=160>";
               echo $myrow['Hour'];

               // Now print the options to (Read,Edit & Delete the news)
               echo "<br><a href=\"testonho.php?newsid=$myrow[ID]\">Read More...</a>
                || <a href=\"edit_news.php?newsid=$myrow[ID]\">Edit</a>
                 || <a href=\"delete_news.php?newsid=$myrow[ID]\">Delete</a><br><hr>";

             }//end of loop

?> 

I have seen other issues related to this error here on Stackoverflow and I didn’t really find what I wanted. I would like a help to the resolution to this my problem :

  • shows me nothing..

  • The error happens on the line of $_GET? of print_r($_GET);

  • 1

    Yes, on line 6, this: $newsid = $_GET['ID'];

  • Could you put the result of print_r($_GET)

  • I’ve done it and nothing comes up. No results..

  • I could put the html on that one $_GET, is usually a link or a <form>

  • That’s right, it’s suspoto I call the script by the link so: ?newsid=ID_DA_NOTICIA

  • Then you should call $newsid = $_GET['newsid'] in place of $newsid = $_GET['ID'].

  • This solved my error, but does not just select the id I selected.. ss

Show 4 more comments

2 answers

2

There’s a mistake in $myrow[ID] on the three lines of links that form the HTML. The correct should be $myrow['ID']. And it needs to encapsulate between keys because it’s a complex expression. So:

echo "<br><a href=\"testonho.php?newsid={$myrow['ID']}\">Read More...</a>
            || <a href=\"edit_news.php?newsid={$myrow['ID']}\">Edit</a>
             || <a href=\"delete_news.php?newsid={$myrow['ID']}\">Delete</a><br><hr>";

I put in the Github for future reference.

With the new information passed in comment of how the first call is being made it becomes clear that it needs one more change. Line 6 needs to be switched to:

$newsid = $_GET['newsid'];

In addition, it has a beautiful vulnerability that can allow SQL Injection but not related to the reported problem.

  • that’s not it, that’s okay, that’s me in the number line 6 :ss

  • Can you help me get better security? Contra SQL Injection?

  • Just now you are talking on line 6. should have put in question. If that is it, then when you are calling this script has no field with name IDbeing passed to him through GET. Regarding security you would need to open another question to leave organized, if it was a very specific question. There is already a canon on the subject at http://answall.com/q/3864/101

  • http://prntscr.com/5xwddf I have the field ID..

  • This shows nothing useful to solve the problem. Edit your question and put the HTML of the page that calls this script.

  • That’s right, it’s suspoto I call the script by the link so: ?newsid=ID_DA_NOTICIA

  • Change what I’ve been through for you and see if you can fix it.

  • I already changed and now only the error message, nor the list of all news appears. Before appeared the error at the top and the list of news.. Now only this appears: Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in

  • 1

    I added information, see if it solves. If you do not solve it will complicate without seeing how it arrives on this page. Because if it’s herself that calls her you have an egg problem and the chicken. You need the ID to generate this page correctly. And only by generating it correctly will you have the ID necessary. There is no way to resolve this if there is no other passage calling her and resolving the beginning of it.

Show 4 more comments

0


It seems that your code is not expressing your idea is to display only one record, use WHERE clause no select.

$stmt = $db->query("SELECT * FROM news WHERE id = '$newsid' ORDER BY id");

To avoid sql Injection use Prepared statements, it does not change the code much, a step is added to the process:

$sql = 'SELECT * FROM news '; 

 if(!empty($newsid){// caso tenha um id exibe somente ele
    $sql .= ' WHERE id = ? ORDER BY id';
 }    

$stmt = $db->prepare($sql);
$stmt->execute(array($newsid)); // aqui faz o bind da interrogação com $newsid
$itens = $stmt->fetchAll(PDO::FETCH_ASSOC); //retorna todas as linhas de uma vez.

foreach($itens as $myrow){
   echo ....
}

To receive parameters by the url, you need to use the same name defined in the link, e.g.: seusite.com? newsid=ID_DA_NOTICIA, you should call it so

 $newsid = $_GET['newsid'];

and not $_GET['ID'] For the string ID not defined in link.

  • Thank you very much colleague, will it be possible to help me adapt the code against SQL Injection attack? I would appreciate !

  • I just realized that if I don’t put the ?newsid=NUMERO does not appear the list of news, can help me? : ss

Browser other questions tagged

You are not signed in. Login or sign up in order to post.