-1
 9 <?php include 'db.php';
10 $vin = $_GET['VIN'];
11 $query = "SELECT * FROM INVENTORY WHERE VIN='$vin'";

I understand this is a beginner issue, but I'm having trouble understanding why I'm receiving this error:

(!) Notice: Undefined index: VIN in C:\wamp\www\php\viewcar.php on line 10

I have a VIN column in the MySQL database and I'm not sure why it's not displaying. Please help.

Michael Erickson
  • 15
  • 5
  • 1
    Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) – Marcin Orlowski Mar 07 '17 at 20:05
  • 1
    **WARNING**: This has some severe [SQL injection bugs](http://bobby-tables.com/) because `$_GET` data is used inside the query. Whenever possible use **prepared statements**. These are quite straightforward to do in [`mysqli`](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [PDO](http://php.net/manual/en/pdo.prepared-statements.php) where any user-supplied data is specified with a `?` or `:name` indicator that’s later populated using `bind_param` or `execute` depending on which one you’re using. **NEVER** put `$_POST` or `$_GET` data directly in your query. – tadman Mar 07 '17 at 20:15

2 Answers2

0

in PHP $_GET is an associative array, so in the case of $_GET['VIN'] the index is 'VIN'. $_GET is filled with parameters passed in the url, while it is possible to change how your http server handles get parameters the most common is like this http://yoursite.com/mypage.php?parameter1=value1&parameter2=value2 in your case since since your are receiving the error on line 10 it means there is no item in your $_GET array with the index of 'VIN'. The easiest way to prevent this error would be something like this

<?php include 'db.php';
    if(isset($_GET['VIN'])){
        $vin=$_GET['VIN'];
        $query="SELECT * FROM INVENTORY WHERE VIN=:vin";
        $stmt=$pdo->prepare($query);
        $stmt->bindParam(':vin',$vin);
        $products = array();
        if ($stmt->execute()){
            //handle results
        }
    }else{
        //handle VIN not being set
    }

Please also note that you should not concatenate your query, ever so in my example I showed using PDO and a prepared statement. you can learn more about using PDO here http://php.net/manual/en/book.pdo.php

Jpsh
  • 1,697
  • 12
  • 17
0

In order for it to work you have to enter a VIN number after the url. The VIN number that is located in your database. Without the VIN number nothing works.

viewcar.php?VIN=1B3EL46J25N513802

This returns the following

2005 Dodge Stratus 
Asking Price: 7995.00 
Exterior Color: Blue
Interior Color: Gray
Stephen Rauch
  • 47,830
  • 31
  • 106
  • 135
ljf0021
  • 1