Error with php variables, i don't understand

Question

I have a problem with a var in my php code .. I don't understand how

there is my code :

<fieldset>
 <?
 if(isset($_POST['requete']) && $_POST['requete'] != NULL){
   include "connexion.inc";
   $reponse = $bdd->query('SELECT id_piece, piece 
   FROM tbl_piece 
   WHERE piece = '.$requete.' ');
   while($donnees = $reponse->fetch()){
    echo $donnees['id_piece'];
   }
 }
 else{
  echo $requete;
 }
 ?>         
  <form method="post" action="standard.php">
  <input type="text" name="requete">
  <input type="submit" value="Rechercher">
  </form>
  </fieldset>

So, on my web page, there is just a text box with a button to validate and " test " onto the textbox, yeh there i understand, my var is ok and all is alright my script is waiting my Keyword to find in my table ok I write " AD202 " which is present in my table and click on my button and then i get this error

 Notice: Undefined variable: requete in /home/libtronic/www/html/standard.php on line 52

and .. i don't understand how to keep my var declared and assigned with my "AD202" keyword

Could you help me :/ ?

Is the file above standard.php? If not please provide the code for that file too... — Peter Featherstone, Sep 13 '16 at 14:53
maybe you could look at this exact duplicate question : http://stackoverflow.com/questions/39470620/sqlstate42000-violation-1064-in-a-select — YvesLeBorg, Sep 13 '16 at 14:54
Concatenation with a posted variable isn't the way to build a query, see how to bind a parameter. — Casimir et Hippolyte, Sep 13 '16 at 14:55

score 2 · Answer 1 · answered Sep 13 '16 at 14:55

The error's self-explanatory, your variable, $requete, is not defined anywhere in your code.

I assume that you are referring to $_POST['requete'], to define it you'll need to add a line like this:

$requete = $_POST['requete'];

And to prevent MySQL injection, you can use mysqli_real_escape_string: ($link is the connection parameter)

$requete = mysqli_real_escape_string($link, $_POST['requete']);

Note: You need to define it before you use the variable which means before $reponse = ...

Alternatively, if you don't want to define it, you can use $_POST['requete'] directly, however it might be at risk to SQL injection.

score 0 · Answer 2 · answered Sep 13 '16 at 14:55

0

You don't have declared $requete, just add it before your query:

$requete = $_POST["requete"];

answered Sep 13 '16 at 14:55

Neobugu

333
6
15

score 0 · Accepted Answer · answered Sep 13 '16 at 14:55

You try to use a variable without defining it first. Also, it would be safer and better practise to use prepared statements within your php code to avoid nasty surprises ( sql injection )

<fieldset>
    <?php
        if(isset($_POST['requete']) && $_POST['requete'] != NULL){
            include "connexion.inc";

            /* define the variable!! */
            $requete=$_POST['requete'];

            $reponse = $bdd->query('SELECT id_piece, piece 
                FROM tbl_piece 
                WHERE piece = '.$requete.' ');

            while($donnees = $reponse->fetch()){
                echo $donnees['id_piece'];
            }
        } else{
            echo $requete;
        }
    ?>
    <form method="post" action="standard.php">
        <input type="text" name="requete">
        <input type="submit" value="Rechercher">
    </form>
</fieldset>

score 0 · Answer 4 · answered Sep 13 '16 at 15:06

Your problem is

$reponse = $bdd->query('SELECT id_piece, piece 
FROM tbl_piece 
WHERE piece = '.$requete.' ');

Either you capture $requete

$requete=$_POST['$requete'];

before the statement or

Your line should be

 $reponse = $bdd->query("SELECT id_piece, piece 
 FROM tbl_piece 
 WHERE piece = '$_POST[requete]'");

This is not adviceable as it is open to SQL injection.

Ideally you should sanitize any incoming Variables _POST or _GET before using them for further functions.And the $reponse->fetch() should be better with $response->fetch_assoc()

Error with php variables, i don't understand

4 Answers4