
I'm writing code to fetch data from the database but it keeps on flagging the error:

Notice: Undefined variable: word in C:\xampp\htdocs\Zubby\admin\updateword.php on line 7

<?php 

if(isset($_POST['submit']))
    $word = $_POST['word'];

    include '../include/config.php' ;
    $sql = "SELECT FROM word WHERE word = $word";

    $fetch = mysqli_query($connect, $sql);
    if ($fetch) {
        echo $word;
    }else{
        echo "No such word exists in the database";
    }

?>

<form name="word-Add" method="POST" action="">
    <input type="text" name="word" placeholder="  Type the Word "><br><br><br><br>
    <input type="submit" name="submit" id="submit" value="Search Word"><br><br><br><br>

</form>
James
Gist
  • Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](https://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) – Nigel Ren May 27 '18 at 20:55
  • You're missing {} around the section after `if(isset($_POST['submit']))` – Nigel Ren May 27 '18 at 20:56
  • You also should come up with a more descriptive title. – Nigel Ren May 27 '18 at 20:58
  • Your SQL is invalid. Strings need to be quoted in SQL. You also will be open to SQL injections. Parameterize. – user3783243 May 27 '18 at 21:07

1 Answer

Try

<?php 

if(isset($_POST['submit']))
{
    $word = $_POST['word'];

    include '../include/config.php' ;
    $sql = "SELECT * FROM word WHERE word = '".$word."'";

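    $fetch = mysqli_query($connect, $sql);
    // mysqli_query() returns a result object even when no rows match,
    // so check the row count rather than the return value alone.
    if ($fetch && mysqli_num_rows($fetch) > 0) {
        echo $word;
    }else{
        echo "No such word exists in the database";
    }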
}

?>

<form name="word-Add" method="POST" action="">
    <input type="text" name="word" placeholder="  Type the Word "><br><br><br><br>
    <input type="submit" name="submit" id="submit" value="Search Word"><br><br><br><br>

</form>

Please note though that your code is highly insecure! Never use user input directly in a query! Better use prepared statements: http://php.net/manual/en/pdo.prepared-statements.php

Matthias Bö
  • How about giving the answer with the parameterized query? It would solve the problem and show the right way to do it. – Tim Morton May 27 '18 at 21:12
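
The parameterized lookup discussed in the answer and comments above, as an added example that is not part of the original answer or the PHP manual. It uses PDO (the API the answer links to) and assumes an in-memory SQLite table standing in for the MySQL `word` table so it runs without a server; `openDemoDb` and `findWord` are hypothetical names.

```php
<?php
// Added example: parameterized lookup with PDO.
// Assumption: an in-memory SQLite table stands in for the MySQL `word` table.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE word (word TEXT PRIMARY KEY)');
    // Constructed sample rows; one contains a quote on purpose.
    $insert = $db->prepare('INSERT INTO word (word) VALUES (:word)');
    foreach (['apple', "o'clock"] as $w) {
        $insert->execute([':word' => $w]);
    }
    return $db;
}

// Returns the stored word, or null when no row matches.
function findWord(PDO $db, string $word): ?string
{
    // The placeholder keeps the value out of the SQL text, so quotes in
    // $word cannot change the statement.
    $stmt = $db->prepare('SELECT word FROM word WHERE word = :word');
    $stmt->execute([':word' => $word]);
    $row = $stmt->fetchColumn();   // false when the result set is empty
    return $row === false ? null : (string) $row;
}

$db = openDemoDb();
// In the page's script this value would come from $_POST['word'].
foreach (['apple', "o'clock", 'missing'] as $input) {
    $found = findWord($db, $input);
    if ($found !== null) {
        // Escape on output: the value is user-controlled.
        echo htmlspecialchars($found, ENT_QUOTES, 'UTF-8'), PHP_EOL;
    } else {
        echo 'No such word exists in the database', PHP_EOL;
    }
}
```

With MySQL, only the DSN passed to `new PDO(...)` changes; the prepare/execute calls stay the same.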