
I was following this tutorial on how to modify a SQL database. Everything seems fine in that, but when I run my code below I get an error saying undefined index in line 11 and 12 are not defined. Can anybody point out my mistake? Can I even use a variable from one block in another? (The guy in the tutorial does.)

<?php
include '/connection.php';
if(!isset($_POST['submit'])){
$query="SELECT * FROM SHOP WHERE ID=$_GET[id]";
$result=mysqli_query($conn,$query)or die(mysqli_error($conn));
$shop=mysqli_fetch_array($result);
}
?>
<form action="modify.php" method="POST">
    <input name="name" value="<?php echo $shop['name']; ?>">  //error here 
    <input name="city" value="<?php echo $shop['city']; ?>">  //and here
    <input type="hidden" name="id"  value="<?php echo $_GET['id']; ?>">
    <input type="submit" name=submit value="modify">
</form>
<?php 
if(isset($_POST['submit'])){
$q1="UPDATE shop SET name='$_POST[name]',city='$_POST[city]' WHERE ID=$_POST[id]";
   mysqli_query($conn,$q1)or die(mysqli_error($conn));
}
?>
  • Terrible tutorial, don't follow that, any tutorial that tells you to put user provided data directly into your query is horrid. http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – chris85 Jun 01 '15 at 04:45
  • It's a beginner's tutorial dude! No one cares about security there! Chill! –  Jun 01 '15 at 04:48
  • Okay, then begin with horrible practices. Good luck with that. – chris85 Jun 01 '15 at 04:49
  • You expect him to cover injection, passwords, everything? –  Jun 01 '15 at 04:51
  • Anyway @chris85 thanks for directing me to that link... I will need it later! –  Jun 01 '15 at 04:58

2 Answers


Try to read about and use parametrized queries (PDO or mysqli), as these are vulnerable to SQL injection.

You need to define $shop=array("name"=>"","city"=>""); on top of page:

<?php
    include '/connection.php';
    // Default keys match the indexes the form reads ($shop['name'], $shop['city'])
    $shop=array("name"=>"","city"=>"");
    if(!isset($_POST['submit'])){
    $query="SELECT * FROM SHOP WHERE ID=$_GET[id]";
    $result=mysqli_query($conn,$query)or die(mysqli_error($conn));
    $shop=mysqli_fetch_array($result);
    }
    ?>
    <form action="modify.php" method="POST">
        <input name="name" value="<?php echo $shop['name']; ?>">  //error here 
        <input name="city" value="<?php echo $shop['city']; ?>">  //and here
        <input type="hidden" name="id"  value="<?php echo $_GET['id']; ?>">
        <input type="submit" name=submit value="modify">
    </form>
    <?php 
    if(isset($_POST['submit'])){
    $q1="UPDATE shop SET name='$_POST[name]',city='$_POST[city]' WHERE ID=$_POST[id]";
       mysqli_query($conn,$q1)or die(mysqli_error($conn));
    }
    ?>

OR you can put isset like this:

<?php
    include '/connection.php';

    if(!isset($_POST['submit'])){
    $query="SELECT * FROM SHOP WHERE ID=$_GET[id]";
    $result=mysqli_query($conn,$query)or die(mysqli_error($conn));
    $shop=mysqli_fetch_array($result);
    }
    ?>
    <form action="modify.php" method="POST">
        <input name="name" value="<?php if(isset($shop['name'])) echo $shop['name']; ?>">  //error here 
        <input name="city" value="<?php if(isset($shop['city'])) echo $shop['city']; ?>">  //and here
        <input type="hidden" name="id"  value="<?php echo $_GET['id']; ?>">
        <input type="submit" name=submit value="modify">
    </form>
    <?php 
    if(isset($_POST['submit'])){
    $q1="UPDATE shop SET name='$_POST[name]',city='$_POST[city]' WHERE ID=$_POST[id]";
       mysqli_query($conn,$q1)or die(mysqli_error($conn));
    }
    ?>
Vikas Umrao
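
The parametrized-query advice in the answer above, applied to the question's modify.php with mysqli prepared statements (an added example, not code from the question or either answer). It assumes connection.php sits next to the script and provides `$conn` as a mysqli handle, and that the shop table has ID, name and city columns as in the question; the helper `h()` is hypothetical. It also escapes the echoed values and handles the POST before any output so the redirect to index.php works.

```php
<?php
// Added example. Assumes connection.php defines $conn (mysqli) and the
// table is shop(ID, name, city) as in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail with exceptions, not die()
include __DIR__ . '/connection.php';

// Hypothetical helper: HTML-escape a value before echoing it into an attribute.
function h(?string $s): string {
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

// Defaults guarantee both indexes exist even when no row is loaded.
$shop = ['name' => '', 'city' => ''];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $id   = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $name = (string) ($_POST['name'] ?? '');
    $city = (string) ($_POST['city'] ?? '');
    if ($id === null || $id === false) {
        http_response_code(400);
        exit('Invalid id');
    }
    // Values are sent separately from the SQL text, so quotes in name or
    // city cannot change the statement.
    $stmt = mysqli_prepare($conn, 'UPDATE shop SET name = ?, city = ? WHERE ID = ?');
    mysqli_stmt_bind_param($stmt, 'ssi', $name, $city, $id);
    mysqli_stmt_execute($stmt);
    header('Location: index.php'); // sent before any HTML output
    exit;
}

$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id !== null && $id !== false) {
    $stmt = mysqli_prepare($conn, 'SELECT name, city FROM shop WHERE ID = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $rowName, $rowCity);
    if (mysqli_stmt_fetch($stmt)) {          // false/null when no such ID
        $shop = ['name' => $rowName, 'city' => $rowCity];
    }
    mysqli_stmt_close($stmt);
}
?>
<form action="modify.php" method="POST">
    <input name="name" value="<?php echo h($shop['name']); ?>">
    <input name="city" value="<?php echo h($shop['city']); ?>">
    <input type="hidden" name="id" value="<?php echo h((string) $id); ?>">
    <input type="submit" name="submit" value="modify">
</form>
```
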

This is because the shop variable does not have the required indexes. Try this:

<?php
include '/connection.php';
if(!isset($_POST['submit']))
{
    $query="SELECT * FROM SHOP WHERE ID=$_GET[id]";
    $result=mysqli_query($conn,$query)or die(mysqli_error($conn));
    $shop=mysqli_fetch_array($result);
}
?>
<form action="modify.php" method="POST">
    <input name="name" value="<?php echo isset($shop['name']) ? $shop['name'] : ''; ?>">
    <input name="city" value="<?php echo isset($shop['city']) ? $shop['city'] : ''; ?>">
    <input type="hidden" name="id"  value="<?php echo $_GET['id']; ?>">
    <input type="submit" name=submit value="modify">
</form>
<?php 
if(isset($_POST['submit']))
{
    $q1="UPDATE shop SET name='$_POST[name]',city='$_POST[city]' WHERE ID=$_POST[id]";
    mysqli_query($conn,$q1)or die(mysqli_error($conn));
}
?>
Danish Bhayani
  • Could you also explain the source of the error? Why is 'shop' an empty array (or why is the query returning nothing)? Is it a problem with the 'query' syntax, because the database is fine. –  Jun 01 '15 at 05:01
  • Try to debug your $query to get the actual query. Is your $_GET[id] coming fine? – Danish Bhayani Jun 01 '15 at 05:02
  • I switched back to my original code and added a `header("Location: index.php");` after line 18 (just before closing the last if) and it works perfectly... No error... why? –  Jun 01 '15 at 05:58
  • It is kind of long... But all index.php does is display all rows... I moved the discussion with index.php here as it is irrelevant to what I asked here. –  Jun 01 '15 at 06:05