1

This is the exact error that I am getting. My goal is to have the user's posts all on their page. If I got rid of the $_GET user id functions then every test user I have will have the same posts on their page.

<?php

$userID = $_GET['user_id'];
$ideas_sql = "SELECT * FROM Ideas ORDER BY id DESC WHERE user_id=$userID";
$query = mysql_query($ideas_sql) or die(mysql_error());
$rsIdeas = mysql_fetch_assoc($query);   


do {
?>
    <h2><a href = 'edit_post.php?id=<?php echo $rsIdeas['id']; ?>'><?php echo $rsIdeas['name']; ?></a></h2>

    <p><?php echo $rsIdeas['keywords']; ?></p>

    <p><?php echo $rsIdeas['description']; ?></p> <!-- Have to change the style of the ideas -->
<?php } while ($rsIdeas = mysql_fetch_assoc($query)) ?>
</div>

Notice: Undefined index: user_id in /Applications/XAMPP/xamppfiles/htdocs/friend_system/my_ideas.php on line 108
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_id=' at line 1

Passerby
  • I looked at what it referenced and it didn't fix my issue. – user3167386 Jan 10 '14 at 01:57
  • 2
    `ORDER BY` must be the last clause in a SQL statement. `SELECT..FROM..WHERE..GROUP BY..HAVING..ORDER BY` – Michael Berkowski Jan 10 '14 at 01:57
  • I took the entire ORDER BY part out to test this and I'm still getting the error Undefined index: user_id in /Applications/XAMPP/xamppfiles/htdocs/friend_system/my_ideas.php on line 108 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 – user3167386 Jan 10 '14 at 02:00
  • 1
    Note that the mysql extension is now deprecated and will be removed sometime in the future. That's because it is ancient, full of bad practices and lacks some modern features. Don't use it to write new code. Use PDO or mysqli_* instead. Your query is prone to SQL Injection. – Mark Jan 10 '14 at 02:05
  • 1
    dumb question but is ?user_id=x actually in the url? – Kai Qing Jan 10 '14 at 02:10
  • no. Would that be an issue? – user3167386 Jan 10 '14 at 02:12
  • If you read from `$_GET` or `$_POST`, you must check that the value is actually present to avoid undefined index errors. `if (isset($_GET['user_id'])) { $userID = $_GET['user_id']; } else { // do something else }` – Michael Berkowski Jan 10 '14 at 02:33
  • This got rid of my error but now no data shows up – user3167386 Jan 10 '14 at 02:44

2 Answers

0

You have

$ideas_sql = "SELECT * FROM Ideas ORDER BY id DESC WHERE user_id=$userID";

Change it to:

$ideas_sql = "SELECT * FROM Ideas WHERE user_id='".intval($userID)."' ORDER BY id DESC ";

Where clause has to be before order clause.

undone
0

A few problems here.

First you are getting a notice for undefined index user_id. This means that the query parameter "user_id" was not passed.

$_GET['user_id']

First thing you should do is add a little error handling to sort out the undefined index notice. Something like this:

if (!isset($_GET['user_id'])) {
    throw new Exception('user_id query parameter not provided.');
}
$userID = $_GET['user_id'];

Second - the SQL error - because user_id was not provided, your SQL came out as

SELECT * FROM Ideas ORDER BY id DESC WHERE user_id=

Therefore by fixing the first issue, the second is also [partially] resolved because we'll actually have a user ID.

Third - as the other answer has noted, your query order is wrong. It should be

SELECT * FROM Ideas WHERE user_id=$userID ORDER BY id DESC

Also - to prevent SQL injection you should pass your query parameter through a query escape function before inserting it into your query. Since you appear to be using simple mysql functions, use

$userID = "'".mysql_real_escape_string($_GET['user_id'])."'";

And lastly, to stop getting the exception it would now be throwing, you need to ensure your requested URL includes the user_id query parameter:

http://<YOUR URL TO PAGE>?user_id=xxxxxx

Alternately, you may have mistakenly used $_GET in place of $_POST if you are processing a form submission with something like

<form ... method="post">...</form>
Joel Cox
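The fixes discussed in the answers and comments above (check that `user_id` is present, put WHERE before ORDER BY, keep the value out of the SQL string), combined into one script using PDO as suggested in the comments. This is an added example, not code from the original posts; the function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the asker's MySQL `Ideas` table so it runs offline.

```php
<?php
// Added example: PDO with an in-memory SQLite database stands in for the
// page's MySQL server so the script runs offline. All rows are constructed.
declare(strict_types=1);

function parseUserId(array $get): ?int
{
    // Missing key -> null instead of an "Undefined index" notice.
    if (!isset($get['user_id']) || !is_string($get['user_id'])) {
        return null;
    }
    // Accept only a positive integer; "1 OR 1=1" fails validation.
    $id = filter_var($get['user_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetchIdeas(PDO $pdo, int $userId): array
{
    // WHERE precedes ORDER BY; the value is bound, never concatenated.
    $stmt = $pdo->prepare('SELECT id, name, keywords, description FROM Ideas WHERE user_id = :uid ORDER BY id DESC');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Ideas (id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT, keywords TEXT, description TEXT)');
$pdo->exec("INSERT INTO Ideas (user_id, name, keywords, description) VALUES
    (1, 'First idea', 'a,b', 'Belongs to user 1'),
    (2, 'Other idea', 'c', 'Belongs to user 2'),
    (1, '<b>Second</b>', 'd', 'Also user 1')");

// Constructed requests: valid, missing parameter, non-integer value.
foreach ([['user_id' => '1'], [], ['user_id' => '1 OR 1=1']] as $get) {
    $userId = parseUserId($get);
    if ($userId === null) {
        echo "400: user_id missing or not a positive integer\n";
        continue;
    }
    foreach (fetchIdeas($pdo, $userId) as $idea) {
        // Encode on output so stored markup is not rendered as HTML.
        printf("<h2><a href='edit_post.php?id=%d'>%s</a></h2>\n",
            $idea['id'], htmlspecialchars($idea['name'], ENT_QUOTES, 'UTF-8'));
    }
}
```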