While displaying updated values the $_GET return undefined index error but on normal redirection $_GET method give the correct values

Question

This question may look similar but please understand my problem.In my update page I got confused with $_GET method. In my first page I gave a link to edit the table like this

index.php

<?php
include_once("db.php");

    $result1 = mysqli_query($connect, "SELECT * FROM mrinsert WHERE userid='{$_SESSION['user_id']}'");
?>
 <?php 

        while($res = mysqli_fetch_array($result1)) {         
            echo "<tr>";
            echo "<td>".$res['bugta']."</td>";
            echo "<td>".$res['releaseta']."</td>";
            echo "<td>".$res['ccota']."</td>";    
            echo "<td><a href=\"mredit.php?mrinsertid=$res[mrinsertid]\">Edit</a> | <a href=\"mrdelete.php?mrinsertid=$res[mrinsertid]\" onClick=\"return confirm('Are you sure you want to delete?')\">Delete</a></td>";        
        }
        ?>

my mredit.php page displaying with existing values by using mrinsertid. but when try to update the values it giving error in this place:

<?php
//getting id from url


$mrinsertid = $_GET['mrinsertid']; //ERROR Undefined index 

 //selecting data associated with this particular id
$result = mysqli_query($connect, "SELECT * FROM mrinsert WHERE mrinsertid=$mrinsertid"); //WARNING in this line

while($res = mysqli_fetch_array($result))
{
    $releaseta=$res['releaseta'];
    $keyta=$res['keyta'];
    $programleadsta=$res['programleadsta']; 
    $ccota=$res['ccota']; 
    $nextmilestonesta=$res['nextmilestonesta'];
    $bugta=$res['bugta'];
    $risksta=$res['risksta'];
    $summaryta=$res['summaryta'];

    ?>

My whole mredit.php:

<?php
// including the database connection file
include_once("db.php");

if(isset($_POST['update']))
{    
    $mrinsertid = mysqli_real_escape_string($connect,$_POST['mrinsertid']);
    $releaseta= mysqli_real_escape_string($connect,$_POST['releaseta']);    
    $keyta= mysqli_real_escape_string($connect,$_POST['keyta']);
    $programleadsta= mysqli_real_escape_string($connect,$_POST['programleadsta']);
    $ccota= mysqli_real_escape_string($connect,$_POST['ccota']);
    $nextmilestonesta= mysqli_real_escape_string($connect,$_POST['nextmilestonesta']);          
    $bugta= mysqli_real_escape_string($connect,$_POST['bugta']);
    $risksta= mysqli_real_escape_string($connect,$_POST['risksta']);
    $summaryta= mysqli_real_escape_string($connect,$_POST['summaryta']);







    // checking empty fields
    if(empty($releaseta) || empty($keyta) || empty($programleadsta)||empty($ccota) || empty($nextmilestonesta) || empty($bugta)|| empty($riskta) || empty($summaryta)) {            
        if(empty($releaseta)) {
            echo "<font color='red'>release field is empty.</font><br/>";
        }

        if(empty($keyta)) {
            echo "<font color='red'>Akey field is empty.</font><br/>";
        }

        if(empty($programleadsta)) {
            echo "<font color='red'>program field is empty.</font><br/>";
        }        
        if(empty($ccota)) {
            echo "<font color='red'>cco field is empty.</font><br/>";
        }

        if(empty($nextmilestonesta)) {
            echo "<font color='red'>nextmilestone field is empty.</font><br/>";
        }

        if(empty($bugta)) {
            echo "<font color='red'>bug field is empty.</font><br/>";
        } 
        if(empty($risksta)) {
            echo "<font color='red'>risk field is empty.</font><br/>";
        }

        if(empty($summaryta)) {
            echo "<font color='red'>summary field is empty.</font><br/>";
        } 
    } else {    
        //updating the table
        $result = mysqli_query($connect, "UPDATE mrinsert SET releaseta='$releaseta',keyta='$keyta',programleadsta='$programleadsta',ccota='$ccota',nextmilestonesta='$nextmilestonesta',bugta='$bugta',risksta='$risksta',summaryta='$summaryta' WHERE mrinsertid='$mrinsertid'");

        //redirectig to the display page. In our case, it is index.php
        header("Location: index.php");
    }
}

?>
<?php
//getting id from url


$mrinsertid = $_GET['mrinsertid'];

 //selecting data associated with this particular id
$result = mysqli_query($connect, "SELECT * FROM mrinsert WHERE mrinsertid=$mrinsertid");

while($res = mysqli_fetch_array($result))
{
    $releaseta=$res['releaseta'];
    $keyta=$res['keyta'];
    $programleadsta=$res['programleadsta']; 
    $ccota=$res['ccota']; 
    $nextmilestonesta=$res['nextmilestonesta'];
    $bugta=$res['bugta'];
    $risksta=$res['risksta'];
    $summaryta=$res['summaryta'];

    ?>

<html>
<head>    
    <title>Edit Data</title>
</head>
 <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
  <style>
  .wrap {
    position:relative;
    width:50px;
}
.wrap button {
    border:5px solid;
    position:absolute;
    top:50px;
    border-color:black;
    border-radius: 50%;
    margin-left:20px;
    display:block;
  height: 50px;
  width: 50px;
  background-color:green;

  }
  </style>
<body>
    <a href="index.php">Home</a>
    <br/>

    <form name="form1" method="post" action="mredit.php">

    <input type="text" name="mrinsertid" value=<?php echo $_GET['mrinsertid'];?> >
    <input type="submit" name="update" value="update">

<div id="MRtableDIV">
<table border="2">
<tr style="background-color:#80bfff">
<th style="width:8%"><center>Release</center></th>
<th style="width:5%"><center>Status</center></th>
<th style="width:6%"><center>Key</center></th>
<th style="width:15%"><center>Program Leads</center></th>
<th style="width:6%"><center>CCO Dates</center></th>
<th style="width:6%"><center>Next Milestones</center></th>
<th style="width:10%"><center>Bug Projection</center></th>
<th style="width:14%"><center>Risks</center></th>
<th style="width:20%"><center>Summary</center></th>
<tr>
<tr>
 <tr>
    <td><textarea name="releaseta" id="ReleaseTA" style="width:100%;height:200px;resize:none;background-color:#e6f2ff""><?php echo $res['releaseta'];?></textarea></td>
    <td>
    <div class="wrap">
    <button id="button1" value = "button" style= "color:white" onclick="setColor('button1', '#101010')";></button>
    </div>
    <textarea name="" id="StatusTA" style="width:100%;height:200px;resize:none;background-color:#e6f2ff"></textarea>
    </td>
    <td><textarea name="keyta" id="KeyTA" style="width:100%;height:200px;resize:none;background-color:#e6f2ff"><?php echo $res['keyta'];?></textarea></td>
    <td><textarea name="programleadsta" id="ProgramLeadsTA"  style="width:100%;height:200px;;resize:none;background-color:#e6f2ff"><?php echo $res['programleadsta'];?></textarea></td>
    <td><textarea name="ccota" id="CCOTA" style="width:100%;height:200px;resize:none;background-color:#e6f2ff"><?php echo $res['ccota'];?></textarea></td>
    <td><textarea name="nextmilestonesta" id="NextMilestonesTA" style="width:100%;height:200px;resize:none;background-color:#e6f2ff"><?php echo $res['nextmilestonesta'];?></textarea></td>
    <td><textarea name="bugta" id="BugTA" style="width:100%;height:200px;resize:none;background-color:#e6f2ff"><?php echo $res['bugta'];?></textarea></td>
    <td><textarea name="risksta" id="RisksTA" style="width:100%;height:200px;resize:none;background-color:#e6f2ff"><?php echo $res['risksta'];?></textarea></td>
    <td><textarea name="summaryta" id="SummaryTA" style="width:100%;height:200px;resize:none;background-color:#e6f2ff"><?php echo $res['summaryta'];?></textarea></td>
  </tr>
</tr>
</table>
</div>
    </form>
</body>
</html>
<?php
}
?>

Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](https://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) — Tom Udding, Nov 25 '17 at 10:26
Your script is at risk of [SQL Injection Attack](https://stackoverflow.com/q/60174/5914775). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, its not safe!](https://stackoverflow.com/q/5741187/5914775). Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. — Tom Udding, Nov 25 '17 at 10:27
Also has XSS issues, and the `font` tag was deprecated in like 1980's ;p — Lawrence Cherone, Nov 25 '17 at 10:33
@arunaesthetix As as side note: You don't need a while loop to read the data from the database when you know you will have only one row at most, since you are using a primary key to identify the row. A simple direct `mysqli_fetch_array` will be enough. — Progman, Nov 25 '17 at 13:58

score 0 · Answer 1 · answered Nov 25 '17 at 10:29

0

Remove the action part from the form and it will work fine. Between, don't forget to type-cast the value to integer before using it. Also, use prepare statements whenever you can.

answered Nov 25 '17 at 10:29

Pradeesh Kumar

223
2
14

The error has gone but it is not updating and redirecting. @Pradeesh – arun aesthetix Nov 25 '17 at 10:35

score 0 · Accepted Answer · answered Nov 25 '17 at 11:31

Try this

I just remove the { } and added directly ".$_SESSION['user_id']; and store the query in the variable which is called as $result1.

$result1 = "SELECT * FROM mrinsert WHERE user_id=".$_SESSION['user_id'];
    $result = mysqli_query($conn, $result1);

    if (mysqli_num_rows($result) > 0) {
        // output data of each row
        while($res = mysqli_fetch_array($result)){
                echo "<tr>";
                echo "<td>".$res['bugta']."</td>";
                echo "<td>".$res['releaseta']."</td>";
                echo "<td>".$res['ccota']."</td>";    
                echo "<td><a href='mredit.php?mrinsertid=".$res['mrinsertid']."'>Edit</a></td>"; 
        }
    } 
    else {
        echo "0 results";
    }
    mysqli_close($conn);

mredit.php

echo $mrinsertid = $_GET['mrinsertid'];

score 0 · Answer 3 · answered Nov 25 '17 at 13:57

The problem is that in the first call of "mredit.php" you are using a GET request since you clicked on a <a href> link. In this case your $_GET['mrinsertid'] will be set to the value set in the URL. In your second call of "myedit.php" you are using a POST request as defined in your form with the method="post" attribute. Therefore the value is not in $_GET[] but in $_POST[] instead.

There are several solutions how to fix this:

Use $_REQUEST instead of $_GET. The $_REQUEST array is a merge of the $_GET, $_POST and $_COOKIE array, so it doesn't matter when the value comes from the URL or from a HTML form (send via a POST request).
Change the method= attribute in your <form> tag to GET to send it as a GET request. However you usually don't do that as HTML forms should be send via a POST request for various reasons.
Add the mrinsertid value to the URL in the action= attribute of your <form> tag. This way the value of mrinsertid is in $_GET, but the form data will still be in $_POST.

While displaying updated values the $_GET return undefined index error but on normal redirection $_GET method give the correct values

3 Answers3