-1

I was making a search page in PHP, but there is an error. Please tell me my error.

The errors are:

Notice: Undefined variable: post_title in I:\xampp\htdocs\tsooj\includes\search_page.php on line 22

Notice: Undefined variable: post_content in I:\xampp\htdocs\tsooj\includes\search_page.php on line 26

Source code is here:

<div id="content-main">
    <?php
    include("includes/connect.php");
    
    if(isset($_GET['search'])){
    
    $search_id = $_GET['value'];
    
    $search_query = "select * from posts where post_keywords like '%$search_id%'";
    
    $run_query = mysql_query($search_query);
    
    while ($search_row = mysql_fetch_array($run_query)){
    
    $post_title = $search_row['post_title'];
    $post_image = $search_row['post_image'];
    $post_content = substr($search_row['post_content'],0,150);
    }
    ?>
<h1>Your Search Result is here:<h1>

<h2><?php echo $post_title; ?></h2>

<img src="images/<?php echo $post_image; ?>">;

<p><?php echo $post_content; ?></p>

<?php } ?>
    
</div>
Community
user2655498
  • Perhaps your loop is not running, because you have zero rows being returned from your query. Thus, the variables defined within are not set. Perhaps move the results statements into the while loop? – halfer Sep 07 '13 at 08:31
  • Also, escape your variables before including them in a query, else you'll get hacked. – halfer Sep 07 '13 at 08:32
  • 1
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – Madara's Ghost Sep 07 '13 at 08:46
  • Declare/Define your variables before calling them....That's programming. – ErickBest Sep 07 '13 at 08:49

6 Answers

1

You just need to define your variable before using it. See the code below.

//define your variable here
$post_title = "";
$post_content = "";

if(isset($_GET['search'])){
Rameshwor Maharjan
1

The variable $post_content is defined inside the if statement... It is meant to be used only inside the if statement. Have it first declared outside the if, then call it inside the if and/or anywhere else, i.e. in the echo part.

ErickBest
1

It's because your mysql_query() function can't run your query! I'll rewrite your code:

<div id="content-main">
    <?php
    include("includes/connect.php");
    if(isset($_GET['search']) && isset($_GET['value'])){
        // mysql_real_escape_string() relies on the connection charset, so set it first
        // (the MySQL charset name is 'utf8', not 'utf-8')
        if(mysql_set_charset('utf8')){
            // Escape the user-supplied value before it is placed in the query string
            $search_id = mysql_real_escape_string($_GET['value']);
            $search_query = "SELECT * FROM posts WHERE post_keywords LIKE '%".$search_id."%'";
            $run_query = mysql_query($search_query);
            if($run_query){
                echo "<h1>Your Search Result is here:</h1>";
                // Print each row inside the loop, so the variables are always set when echoed
                while ($search_row = mysql_fetch_array($run_query)){
                    $post_title = $search_row['post_title'];
                    $post_image = $search_row['post_image'];
                    $post_content = substr($search_row['post_content'],0,150);
                    echo "<h2>$post_title</h2>
                          <img src=\"images/$post_image\">
                          <p>$post_content</p>";
                }
            }
            else{
                echo 'Mysql error: '.mysql_error(); exit();
            }
        }
        else{
            echo 'Mysql couldn\'t set charset'; exit();
        }
    }
    ?>
</div>

UPDATE: The mysql_real_escape_string() function cleans user input to prevent SQL injection.

01e
  • Good answer, although this replicates the SQL injection problem from the question. Would you fix? – halfer Sep 07 '13 at 09:03
  • 1
    Ah, don't forget to `\"` escape your attribute strings, or switch to single quotes for the attributes. – halfer Sep 07 '13 at 09:30
  • @halfer for SQL injection, he should validate inputs, [more](http://php.net/manual/en/security.database.sql-injection.php) from php manual, post edited and thanks for your attention ;). – 01e Sep 07 '13 at 09:48
  • Of course - the point I was making was that, if you notice a problem, point it out in your answer. It is one of the commonest security issues in PHP, imo, and anything we can do to educate on the topic is good. – halfer Sep 07 '13 at 10:02
  • Okay @halfer, I agree, post updated. Let me know if there are other things to do to better this post. In this post one can use `regex` or `str_replace` to clean it, but I don't know which values will be received in the `value` variable! – 01e Sep 07 '13 at 10:49
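
The prepared-statement approach recommended in the comments, applied to this search page, as an added example that is not part of any answer in the thread. The function names `search_posts` and `render_results` are hypothetical, an in-memory SQLite database stands in for the MySQL connection, and the rows are constructed sample data.

```php
<?php
// Added example: the search query as a PDO prepared statement, with output
// escaping and an explicit zero-row case. Table and column names follow the
// question; the SQLite database and its rows are constructed for the demo.

function search_posts(PDO $pdo, string $term): array
{
    // Escape LIKE wildcards so a literal % or _ in the term is matched as text.
    $like = '%' . addcslashes($term, '\\%_') . '%';
    $stmt = $pdo->prepare(
        "SELECT post_title, post_image, post_content
           FROM posts
          WHERE post_keywords LIKE :kw ESCAPE '\\'"
    );
    $stmt->execute([':kw' => $like]);   // the value is bound, never concatenated
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_results(array $rows): string
{
    if (!$rows) {                       // zero rows: no undefined variable is echoed
        return "<p>No posts matched your search.</p>\n";
    }
    $e = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
    $html = "<h1>Your Search Result is here:</h1>\n";
    foreach ($rows as $row) {           // each row is rendered inside the loop
        $html .= '<h2>' . $e($row['post_title']) . "</h2>\n"
               . '<img src="images/' . $e($row['post_image']) . "\">\n"
               . '<p>' . $e(substr($row['post_content'], 0, 150)) . "</p>\n";
    }
    return $html;
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (post_title TEXT, post_image TEXT,
                                post_content TEXT, post_keywords TEXT)');
$ins = $pdo->prepare('INSERT INTO posts VALUES (?, ?, ?, ?)');
$ins->execute(['PHP basics', 'php.png', 'Variables & <scope> in PHP', 'php, tutorial']);
$ins->execute(["O'Neil on SQL", 'sql.png', 'Why queries are parameterised', "sql, o'neil"]);

// A plain term, a term with a quote, a bare wildcard, and a term with no match.
foreach (['php', "o'neil", '%', 'missing'] as $term) {
    echo "--- search: $term ---\n", render_results(search_posts($pdo, $term));
}
```

On MySQL, backslash is already the default LIKE escape character, so the `ESCAPE` clause can be dropped there.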
0

Try var_dump($run_query) to see what exactly it is holding as your result, and verify if 'post_title' it's with

0
if(isset($_GET['search']) && $_GET['search']!='')
{
    // $search_id was never assigned in this snippet: take it from the request and escape it
    $search_id = mysql_real_escape_string($_GET['value']);

    $search_query = "select * from posts where post_keywords like '%" .$search_id. "%' ";

    $run_query = mysql_query($search_query);

    while ($search_row = mysql_fetch_array($run_query)){

        $post_title = $search_row['post_title'];
        $post_image = $search_row['post_image'];
        $post_content = substr($search_row['post_content'],0,150);
    }
}
halfer
khan
0

I suspect it's because when your page loads the $_GET['search'] variable is not set, therefore the if statement is not run. This means there is no reference to $post_title.

Do this:

<h2><?php if (isset($post_title)){ echo $post_title;} ?></h2>
kaizenCoder