-3

I have used a prepared statement to define the id index; however, it is telling me that it is undefined for some reason. Where and what do I change for this to work?

<?php

$db_username='student';
$db_password='student';
$db = new PDO ('mysql:host=192.168.56.2;dbname=Assessment', $db_username, $db_password);

$result = $db ->prepare("SELECT * FROM Jobs WHERE jobname='".$_GET['id']."' ");
$result->execute();
Qirel
m.cru

2 Answers

1

Try this:

<?php

$db_username='student';
$db_password='student';
$db = new PDO ('mysql:host=192.168.56.2;dbname=Assessment', $db_username, $db_password);

if(isset($_GET['id'])) {
$result = $db ->prepare("SELECT * FROM Jobs WHERE jobname=?");
$result->execute(array($_GET['id']));
}
else {echo('$_GET["id"] not set');}
user1032531
  • You should use empty instead of isset; that way, if it's set and it's empty, it will still say it isn't set – Yann Chabot Jan 06 '16 at 17:48
  • 1
    @YannChabot But `empty()` will result in zero being empty, no? Or maybe not since it is a string? – user1032531 Jan 06 '16 at 17:50
  • You're right, @user1032531! Make it !empty, sorry, my bad. !empty will return false if variable is set and not empty, while isset will only return if the variable exists, but it won't check if it has a value – Yann Chabot Jan 06 '16 at 17:50
0

First, verify that $_GET['id'] has a value. Second, for security, change some lines:

$result = $db ->prepare("SELECT * FROM Jobs WHERE jobname=:id");

$result->execute(array(':id' => $_GET['id']));
Allan
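
The two answers and the `empty()` versus "0" point from the comments, combined into one runnable sketch. This is an added example, not code from any of the posts: the `findJobs` helper is hypothetical, an in-memory SQLite database stands in for the question's MySQL server so it runs offline, and the table rows and query arrays are constructed sample data.

```php
<?php
declare(strict_types=1);

// In-memory SQLite replaces the question's MySQL host (assumption, so the
// example runs offline). The Jobs rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Jobs (jobname TEXT, owner TEXT)");
$db->exec("INSERT INTO Jobs VALUES ('0', 'alice'), ('O''Brien roofing', 'bob')");

/**
 * Hypothetical helper: look up jobs by the `id` query parameter.
 * Returns null when the parameter is missing, empty, or not a string.
 */
function findJobs(PDO $db, array $query): ?array
{
    // ?? avoids the "undefined index" notice when ?id= is absent.
    $id = $query['id'] ?? null;
    // Deliberately not empty(): empty('0') is true and would reject job "0".
    // is_string() also rejects array input such as ?id[]=a.
    if (!is_string($id) || $id === '') {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM Jobs WHERE jobname = :id');
    $stmt->execute([':id' => $id]); // the value travels as data, not as SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET.
var_dump(findJobs($db, []));                 // parameter missing
var_dump(findJobs($db, ['id' => ['a']]));    // parameter is an array
var_dump(findJobs($db, ['id' => '0']));      // valid job named "0"
var_dump(findJobs($db, ['id' => "O'Brien roofing"])); // value containing a quote

// The question's pattern: the same value spliced into the SQL text.
// The quote ends the string literal early, so the statement no longer parses;
// any request value can change the statement's structure this way.
try {
    $sql = "SELECT * FROM Jobs WHERE jobname='" . "O'Brien roofing" . "'";
    $db->prepare($sql)->execute();
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}
```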