0

Hi, I'm creating a site with a search box. This is already done in ASP and I'm redoing it in PHP (which I am new to), and it will take you to another page where it searches the DB using SQL. The search-process.php file is below:

<?php
$db = realpath("db\unibookv2.mdb");
$conn = new COM('ADODB.Connection') or exit('Cannot start ADO.');
$connStr = "PROVIDER=Microsoft.Jet.OLEDB.4.0;
Data Source=$db";
$conn->Open($connStr);



$sql = "SELECT * FROM ubuser WHERE usr_firstname LIKE '%" . $_REQUESTS['searchinput'] .  "%' OR usr_lastname LIKE '%" . $_REQUESTS['searchinput'] . "%' ORDER BY '%" . $_REQUESTS['orderlist'] . "%' ";

$userRs = $conn->Execute($sql);
if (!$userRs)
    {exit("DBMS Error..!");}
?>


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>PHP Search Results - ADO-COM connection!</title>
<meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/unibookStyle.css" />
</head>
<!-- #include FILE="include/header.asp") -->


<body>
<div id="container"><!-- start container -->

<h2>USER DATABASE</h2>

<!-- start of dynamic html page -->
<h2>PHP/ADO-COM (MS Access) basic parameterised example</h2>
<h3>You searched for : '<?php echo $_REQUEST['searchinput']; ?>' - 

<hr align="left" width="658" />

<?php
// example of testing for EOF in resultset  
if (!$userRs->EOF)
{
echo "one or more records found<br />";
}
else
{
echo "sorry, no records found<br />";
}
?>

<!-- start of html table -->
    <table border="0" width="758" cellspacing="0" cellpadding="3">

    <!-- create the first (heading) row in standard HTML -->
    <tr class="tableheading">
        <td><b>Usr_id</b></td><td><b>firstname</b></td><td>&nbsp;<b>lastname</b></td><td>&nbsp;</td>

    </tr>
<!-- loop in PHP to retrieve all records -->
<?php
    $nrecs=0;
    while (!$userRs->EOF) { 
    $nrecs++;   
    ?>
    <tr>
    <!-- use in-line PHP to display the data -->
        <td><?php echo $userRs->Fields['usr_id']->Value ?></td>
        <td><?php echo $userRs->Fields['usr_firstname']->Value ?></td>
        <td><?php echo $userRs->Fields['usr_lastname']->Value ?></td>
    </tr>
    <!-- important line as it moves the resultset 'cursor' -->
    <?php $userRs->MoveNext() ?>
<?php } ?>
</table>


<?php
// close and destroy object instances
$userRs->Close();
$conn->Close();

$userRs = null;
$conn = null;

// display records found to page
echo "<br />Number of records found: " . $nrecs;
?>

<p>&nbsp;</p>
<hr align="left" width="658">

<input type="button" value="< Back to Search Page" OnClick="top.location='default.asp'">

<!-- #include FILE="include/sidebar.asp") -->

<!-- #include FILE="include/footer.asp") -->
</div>
<!-- end main page content -->

</body>
</html>

This is the error I am getting about the variables being undefined. I'm assuming this is the "[searchinput]" twice and once for the "[orderlist]":

Notice: Undefined variable: _REQUESTS in H:\STUDENT\S0190204\part1\search-process.php on line 10
Notice: Undefined variable: _REQUESTS in H:\STUDENT\S0190204\part1\search-process.php on line 10
Notice: Undefined variable: _REQUESTS in H:\STUDENT\S0190204\part1\search-process.php on line 10

Other problems are that the search term used does not work, and neither does the ORDER BY, but I have a feeling these problems are going to be solved by the same thing.

Álvaro González

1 Answer

5

It must be $_REQUEST and not $_REQUESTS. Also beware of SQL injection, since you are directly using the values. Use prepared statements to prevent SQL injection.

From the documentation

$_REQUEST is an associative array that by default contains the contents of $_GET, $_POST and $_COOKIE. The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted. The presence and order of variables listed in this array is defined according to the PHP variables_order configuration directive.

You can look into the PHP documentation for more.

Community
웃웃웃웃웃
  • It makes sense since you're serving the response to `an HTTP request`, you can't respond to multiple `HTTP requests`. – Mihai Stancu Nov 06 '13 at 13:00
  • That solved it, I can now search by terms also. The only issue is that the ORDER BY is still not working. Any idea why? Either way, thanks for your answer –  Nov 06 '13 at 13:05
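The prepared-statement advice in the answer, applied to the question's ADO/COM connection, as an added example that is not part of the original thread. It binds the search term through `ADODB.Command` parameters and picks the sort column from a whitelist, because an identifier cannot be bound as a parameter and the question's quoted `ORDER BY '%...%'` sorts by a constant string rather than a column. The list of sortable columns and the default sort column are assumptions; the numeric ADO enum values are written out because PHP's COM extension does not predefine them.

```php
<?php
// Added example, not the asker's code. Table and column names come from the
// question; $sortable and the default sort column are assumptions.
const AD_CMD_TEXT    = 1;    // adCmdText
const AD_VARWCHAR    = 202;  // adVarWChar
const AD_PARAM_INPUT = 1;    // adParamInput

$db   = realpath('db\unibookv2.mdb');
$conn = new COM('ADODB.Connection');
$conn->Open("PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=$db");

// Untrusted input: $_REQUEST can be set by the client via GET, POST or cookies.
$search = isset($_REQUEST['searchinput']) ? (string) $_REQUEST['searchinput'] : '';
$order  = isset($_REQUEST['orderlist'])   ? (string) $_REQUEST['orderlist']   : '';

// Column names cannot be bound as parameters, so accept only known names.
$sortable = array('usr_id', 'usr_firstname', 'usr_lastname');
$orderBy  = in_array($order, $sortable, true) ? $order : 'usr_lastname';

// Only the whitelisted identifier is interpolated; the values are bound via "?".
$sql = "SELECT usr_id, usr_firstname, usr_lastname FROM ubuser
        WHERE usr_firstname LIKE ? OR usr_lastname LIKE ?
        ORDER BY $orderBy";

$cmd = new COM('ADODB.Command');
$cmd->ActiveConnection = $conn;
$cmd->CommandType      = AD_CMD_TEXT;
$cmd->CommandText      = $sql;

// The wildcards belong to the bound value, not to the SQL text.
$pattern = '%' . $search . '%';
$size    = strlen($pattern);   // always >= 2, so a valid parameter size
$cmd->Parameters->Append(
    $cmd->CreateParameter('first', AD_VARWCHAR, AD_PARAM_INPUT, $size, $pattern));
$cmd->Parameters->Append(
    $cmd->CreateParameter('last', AD_VARWCHAR, AD_PARAM_INPUT, $size, $pattern));

$userRs = $cmd->Execute();
while (!$userRs->EOF) {
    // Encode on output so stored or reflected values cannot inject markup.
    echo htmlspecialchars((string) $userRs->Fields['usr_firstname']->Value), ' ',
         htmlspecialchars((string) $userRs->Fields['usr_lastname']->Value), "<br />\n";
    $userRs->MoveNext();
}
$userRs->Close();
$conn->Close();
```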