0

I have unidentified index errors, and sometimes I need it to really be blank.

For example, this one. I need this one to be blank because there is already an else statement.

The $_GET is only when the user inputs a date.

$datefrom   = $_GET['datefrom'];
$dateto     = $_GET['dateto'];
if(isset($_GET['datefrom']) && ($_GET['dateto'])){
    $qry = "SELECT sum(order_detail.quantity*order_detail.price) as chenes, orders.date 
        FROM order_detail 
        LEFT JOIN orders 
        ON order_detail.orderid=orders.serial
        WHERE date(orders.date) BETWEEN '$datefrom' AND '$dateto'";
}
else {
    $qry = "SELECT sum(order_detail.quantity*order_detail.price) as chenes, orders.date 
        FROM order_detail 
        LEFT JOIN orders 
        ON order_detail.orderid=orders.serial";
}

How do I ignore the unidentified index error or remove it even if there is a blank? Thank you.

Vince Agno

2 Answers

0

The error occurs because you try to access the two indexes 'datefrom' and 'dateto' before actually checking whether they exist using isset(). Put the first two assignments after your if-statement like this:

if(isset($_GET['datefrom']) && isset($_GET['dateto'])){
    $datefrom   = $_GET['datefrom'];
    $dateto     = $_GET['dateto'];
    // ...
}

Also note that you are vulnerable to SQL injection!

andy
  • It is better to use `empty()` than `isset()`. `empty()` does the same as `isset()` but also checks if it is empty or not – SuperDJ Sep 21 '14 at 14:31
  • `$_GET['datefrom']` might also contain an empty string. Think of an input field where the user manually has to specify the date in YYYY-MM-DD, for example. In that case, `empty()` would also return true. – andy Sep 21 '14 at 14:35
0

Although andy's answer will fix your immediate problem, you have a lot of work to do to make this even somewhat bullet resistant.

You must check that, if one date is supplied, so is the other one. You must check that they're valid dates in a valid format: php date validation

Finally, to further guard against SQL injection attacks, you need to use "bind parameters," which make the DBMS use those parameters as data, no matter if they look like SQL: How to bind SQL variables in Php?

Checking that the dates are valid is not a sufficient guard against SQL injection because you are betting there's not some other error somewhere.

Community
Bob Brown
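The checks described in the two answers above (no undefined-index notice, both dates required together, strict date validation, bound parameters), combined in one added example that is not part of the original posts. It assumes PHP 8 with the pdo_sqlite extension; the in-memory tables and rows are constructed sample data, `validDate` and `salesTotal` are hypothetical helper names, and the query drops `orders.date` from the select list to return only the sum.

```php
<?php
declare(strict_types=1);

// Returns $s if it is a real calendar date written as YYYY-MM-DD, else null.
function validDate(mixed $s): ?string
{
    if (!is_string($s)) {              // e.g. array input such as ?datefrom[]=x
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $s);
    // The round trip rejects overflow dates such as 2014-02-31.
    return ($d !== false && $d->format('Y-m-d') === $s) ? $s : null;
}

function salesTotal(PDO $pdo, array $get): float
{
    $sql = 'SELECT SUM(order_detail.quantity * order_detail.price) AS chenes
            FROM order_detail
            LEFT JOIN orders ON order_detail.orderid = orders.serial';
    $params = [];
    // ?? never raises "Undefined index"; a blank field counts as not supplied.
    $rawFrom = $get['datefrom'] ?? '';
    $rawTo   = $get['dateto'] ?? '';
    if ($rawFrom !== '' || $rawTo !== '') {
        $from = validDate($rawFrom);
        $to   = validDate($rawTo);
        if ($from === null || $to === null) {
            throw new InvalidArgumentException('Both dates are required as YYYY-MM-DD');
        }
        $sql .= ' WHERE date(orders.date) BETWEEN :datefrom AND :dateto';
        $params = [':datefrom' => $from, ':dateto' => $to];
    }
    $stmt = $pdo->prepare($sql);       // values are bound, never concatenated
    $stmt->execute($params);
    return (float) $stmt->fetchColumn();
}

// Constructed sample data standing in for the real tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE orders (serial INTEGER PRIMARY KEY, date TEXT);
            CREATE TABLE order_detail (orderid INTEGER, quantity INTEGER, price REAL);
            INSERT INTO orders VALUES (1, '2014-09-01'), (2, '2014-09-20');
            INSERT INTO order_detail VALUES (1, 2, 10.0), (2, 1, 5.0);");

var_dump(salesTotal($pdo, []));                                  // no dates: unfiltered
var_dump(salesTotal($pdo, ['datefrom' => '2014-09-10', 'dateto' => '2014-09-30']));
try {
    salesTotal($pdo, ['datefrom' => "2014-09-10'", 'dateto' => '2014-09-30']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;                // malformed date
}
```

In the page itself, pass `$_GET` as the second argument and reuse the existing database connection in place of the in-memory one.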