php cannot define variable

Question

for some reason i cant find my error why i cant define my $id variable and paste it into my my_sqly query. everything else is working fine.

Any help would be greatly appreciated.

This is my PHP "process" file (update.php)

    if (isset($_POST['button1'])) 
    { 
        $id = $_POST["id"];
        mysql_query("DELETE FROM member WHERE id = '".$id."'") or die("cannot execute the query");

    }

and my other file

while($row = mysql_fetch_assoc($results))
        {
            $id = $row["id"];
            //echo '<form action="update.php" method="post">';
            echo '<table border="1">';
            echo '<tr>';
                echo '<td> '.$row["username"].'</td>';
                echo '<td> '.$row["password"].' </td>';
                echo '<form method="POST" action="update.php">';
                echo '<input type="hidden" name="return_url" value="'.$_SESSION["return_url"].'" />';
                echo "<input type='hidden' name='hidden_id' value='$id' />";
                echo '<input type="submit" name="button1"  value="My Button">';
                echo '</form>';     
}

**Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Feb 02 '14 at 16:34
Your HTML is invalid. You cannot have a form element as a child of a tr element. — Quentin, Feb 02 '14 at 16:34

Paul Facklam · Answer 1 · 2014-02-02T16:38:36.120

2

Change

$id = $_POST["id"];

to

$id = $_POST["hidden_id"];

That is the name of your input field and not only "id"

edited Feb 02 '14 at 16:38

answered Feb 02 '14 at 16:33

Paul Facklam

1,623
12
16

score 1 · Accepted Answer · edited May 23 '17 at 10:25

1

You are using hidden_id as name for the input where you store $id from previous request. So to access it, you need to do

$id = $_POST["hidden_id"];

For future reference, take a look at How can I prevent SQL injection in PHP? as you are not sanitizing your user input.

edited May 23 '17 at 10:25

Community

1
1

answered Feb 02 '14 at 16:33

Michal Brašna

2,293
13
17

php cannot define variable

2 Answers2