
I am trying to build an Android app which queries a server to get the latitude and longitude for the given destination. However, there seems to be an error in my PHP code, as it shows the following error when I input the address in the web browser.

Notice: Undefined variable: destination in C:\xampp\htdocs\serverfiles\btc.php on line 6
{"result":[{"latitude":null,"longitude":null}]}

This is my btc.php file:

```php
<?php
if($_SERVER['REQUEST_METHOD']=='GET'){
    $id  = $_GET['destination'];
    $con = mysqli_connect("127.0.0.1", "root", "", "bustrack");

    $sql = "SELECT * FROM updates WHERE destination='".$destination."'";
    $r = mysqli_query($con,$sql);
    $res = mysqli_fetch_array($r);
    $result = array();
    array_push($result,array(
        "latitude"=>$res['latitude'],
        "longitude"=>$res['longitude'],
        )
    );
    echo json_encode(array("result"=>$result));
}
```
halfer
John
  • _"Notice: Undefined variable: destination"_ Well... where did you define it? – Don't Panic Apr 07 '17 at 19:54
  • Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) – Matt Apr 07 '17 at 19:55
  • Your code is vulnerable to SQL injection attacks. You should use [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](http://php.net/manual/en/pdo.prepared-statements.php) prepared statements as described in [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 07 '17 at 19:55
  • change this `$id = $_GET['destination'];` to this `$destination = $_GET['destination'];` – dparoli Apr 07 '17 at 20:13
  • Thank you for pointing that out Alex!!! – John Apr 08 '17 at 07:10

2 Answers


`$sql = "SELECT * FROM updates WHERE destination='".$destination."'";` The variable `$destination` does not exist. You need to declare it before using it. I believe the variable `$id` is what you want, looking at your code.

Xidh

The issue is that you never assign $destination a variable:

```php
$id  = $_GET['destination'];
$con = mysqli_connect("127.0.0.1", "root", "", "bustrack");

$sql = "SELECT * FROM updates WHERE destination='".$destination."'";
```

You should do this:

```php
$id  = $_GET['destination'];
$con = mysqli_connect("127.0.0.1", "root", "", "bustrack");

$sql = "SELECT * FROM updates WHERE destination='".$id."'";
```
BlackHatSamurai
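
Both answers fix the undefined variable but keep the string-concatenated query that the comments flag as injectable. As an added example (not code from the question or either answer), here is the same lookup with a prepared statement; it swaps in PDO for the page's mysqli calls, and the function name `findCoordinates`, the 400/404 handling and the in-memory SQLite demo data are assumptions.

```php
<?php
// Added example: hardened lookup for btc.php, using PDO prepared statements.
// In btc.php the call would be:
//   $response = findCoordinates($pdo, $_GET['destination'] ?? null);

function findCoordinates(PDO $pdo, ?string $destination): array
{
    // Reject a missing or empty parameter instead of querying with it.
    if ($destination === null || $destination === '') {
        return ['status' => 400, 'body' => ['error' => 'destination is required']];
    }

    // The placeholder keeps the value out of the SQL text, so a quote in the
    // input is treated as data and cannot change the statement.
    $stmt = $pdo->prepare(
        'SELECT latitude, longitude FROM updates WHERE destination = :destination LIMIT 1'
    );
    $stmt->execute([':destination' => $destination]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matches; report that explicitly
    // rather than emitting null coordinates as the original script does.
    if ($row === false) {
        return ['status' => 404, 'body' => ['result' => []]];
    }
    return ['status' => 200, 'body' => ['result' => [$row]]];
}

// Demo with constructed data: an in-memory SQLite database stands in for
// the MySQL "bustrack" database (assumption; requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE updates (destination TEXT, latitude REAL, longitude REAL)');
$pdo->exec("INSERT INTO updates VALUES ('Central Station', 12.9716, 77.5946)");
$pdo->exec("INSERT INTO updates VALUES ('St. Mary''s Road', 12.9352, 77.6245)");

// Inputs: a plain match, a value containing a quote (which would break the
// concatenated query from the question), an unknown destination, and a
// missing parameter.
foreach (['Central Station', "St. Mary's Road", 'Nowhere', null] as $input) {
    $response = findCoordinates($pdo, $input);
    echo $response['status'], ' ', json_encode($response['body']), PHP_EOL;
}
```

Against the real database, construct `$pdo` with a MySQL DSN and a least-privileged account rather than `root` with an empty password.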