What part of my code is causing an Undefined Index error? (PHP)

Question

I am working on a small forum and I am currently trying to display the forum topics in a separate file. For whatever reason when I open the file it is displaying these errors:

Notice: Undefined index: cid in C:\xampp\htdocs(A)Book 2.0\Bootstrap\topics.php on line 19

Notice: Undefined index: scid in C:\xampp\htdocs(A)Book 2.0\Bootstrap\topics.php on line 20

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs(A)Book 2.0\Bootstrap\content_function.php on line 41

I've tried to use an isset function for the variables, but it hasn't worked. I'm calling the variables from a separate functions file.

Here's the code displaying the topics:

    <?php
session_start();
require_once ('../db.php');

// Check if user is logged in using the session variable
if ( $_SESSION['logged_in'] != 1 ) {
  $_SESSION['message'] = "You must log in before viewing your profile page!";
  header("location: error.php");
  exit; //<--- add this
}else {
    // Makes it easier to read
    $first_name = $_SESSION['first_name'];
    $last_name = $_SESSION['last_name'];
    $email = $_SESSION['email'];
    $active = $_SESSION['active'];
}

include ('content_function.php');
$cid2 = $_GET['cid'];
$scid2 = $_GET['scid'];
 ?>
<!DOCTYPE html>
<html lang = "en">
<head>
  <title>Topics</title>
  <link href="main.css" type="text/css" rel="stylesheet" />
</head>
<body>
<div class = "content">
  <?php
  /*
  $select = mysqli_query($mysqli, "SELECT * FROM categories");
  while($row = mysqli_fetch_assoc($select)){
    echo  "<h1>", $row['category_title']."</h1>" ;
  }*/

  disptopics($cid2, $scid2, $mysqli);
  /*if (isset($_GET['cid'], $GET['scid'])){

    disptopics();
  }*/

   ?>
 </div>
</body>
</html>

Also, here is the code for the functions:

    <?php
require '../db.php';
  function dispcategories($mysqli){
    $select = mysqli_query($mysqli, "SELECT * FROM categories");

    while($row = mysqli_fetch_assoc($select)){
      echo "<table class = 'category-table'";
      echo "<tr><td class= 'main-category'colspan='2'>".$row['category_title']."</tr></td>";
      dispsubcategories($row['cat_id'], $mysqli);
      echo "</table>";
    }
  }

  function dispsubcategories($parent_id, $mysqli){
    $select = mysqli_query($mysqli, "SELECT cat_id, subcat_id, subcategory_title, subcategory_descr FROM categories, subcategories
                                     WHERE ($parent_id = categories.cat_id) AND ($parent_id = subcategories.parent_id)");
    echo "<tr><th width='90%'>Categories</th><th width='10%'>Topics</th></tr>";

    while($row = mysqli_fetch_assoc($select)){
      echo "<tr><td class='category_title'><a href='topics.php/".$row['cat_id']."/".$row['subcat_id']."'>
                    ".$row['subcategory_title']."<br/>";
      echo $row['subcategory_descr']."</a></td>";
      echo "<td class='num-topics'>".getnumtopics($parent_id, $row['subcat_id'], $mysqli)."</td></tr>";
    }
  }
  //Displays categories
  function getnumtopics($cat_id, $subcat_id, $mysqli){
    $select = mysqli_query($mysqli, "SELECT category_id, subcategory_id FROM topics WHERE ".$cat_id." = category_id
                    AND ".$subcat_id." = subcategory_id");
$get = mysqli_num_rows($select);

return $get;
  }
  //Displays Topics Within categories
  function disptopics($cid, $scid, $mysqli){
    $select = mysqli_query($mysqli, "SELECT topic_id, author, title, date_posted, views, replies FROM categories, subcategories, topics
                                     WHERE ($cid = topics.category_id) AND ($scid = topics.subcategory_id) AND ($cid = categories.cat_id)
                                     AND ($scid = subcategories.subcat_id) ORDER BY topic_id DESC");


   if(mysqli_num_rows($select) != 0) {
      echo "<table class='topic-table'>";
      echo "<tr><th>Title</th><th>Posted By</th><th>Date Posted</th><th>Views</th><th>Replies</th></tr>";

      while($row = mysqli_fetch_assoc($select)){
        echo "<tr><td><a href='readtopic.php/".$cid."/".$scid."/".$row['topic_id']."'>
              ".$row['title']."</a></td><td>".$row['author']."</td><td>".$row['date-posted'].".</td><td>".$row['views']."</td>
              <td>".$row['replies']."</td></tr>";
      }
      echo "</table>";
    } else {
      echo "<p>This category has no topics yet! <a href='newtopic.php/".$cid."/".$scid."'> Add a new one!</a></p>";
    }

  }


?>

I've looked over each file multiple times and used a code checker that says I have no syntax errors.

You need to test if `$_GET['cid']` and `$_GET['scid']` is set or not empty before using it. — Scuzzy, Aug 20 '18 at 04:15
Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](https://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) — Scuzzy, Aug 20 '18 at 04:16

score 2 · Accepted Answer · answered Aug 20 '18 at 04:17

2

$_GET is an array, and if the user haven't defined a scid=something in the query string, then $_GET['scid'] is undefined. There, you got an undefined index Notice.

You should test if isset($_GET['scid']) before trying to read it's value.

answered Aug 20 '18 at 04:17

Havenard

27,022
5
36
62

Is it not defined under the distopics() function? – CaptainAmerica16 Aug 20 '18 at 04:20
@CaptainAmerica16 Well, I'd say evidence says it's not. – Havenard Aug 20 '18 at 04:21
I just entered if(isset($_GET['scid'])){ echo "It works"; } but nothing printed out. – CaptainAmerica16 Aug 20 '18 at 04:29
@CaptainAmerica16 That proves what we already know, the index is not defined. – Havenard Aug 20 '18 at 04:30
I'm new to PHP so sorry if I'm being a little slow. Could you give me an example of how to define it? I have ($scid = topics.subcategory_id) AND ($scid = subcategories.subcat_id) in my function file. I'm not sure what it is I'm doing wrong. – CaptainAmerica16 Aug 20 '18 at 04:32
@CaptainAmerica16 In order to `$_GET['scid']` to be defined, the user must call the page like `page.php?scid=value` , this will define `$_GET['scid']` to `value`. If `isset($_GET['scid'])` is true, then this happened, otherwise `$_GET['scid']` is undefined and you probably should default `$scid` to `0` or perhaps tell the user an error occurred because no `scid` was specified. – Havenard Aug 20 '18 at 04:35
@CaptainAmerica16 You can do that inline with `$scid = isset($_GET['scid']) ? $_GET['scid'] : 0;` – Havenard Aug 20 '18 at 04:36
@CaptainAmerica16 Another thing that you should be very careful is to filter `$scid` so the user cannot set it to any arbitrary value it is not supposed to. Remember you are injecting `$scid` directly into a SQL query, and if the user is allowed to put anything he wants there, you have a [SQL Injection](https://en.wikipedia.org/wiki/SQL_injection) problem. – Havenard Aug 20 '18 at 04:39

score 0 · Answer 2 · answered Aug 20 '18 at 04:23

0

from where this $_GET['cid'] and $_GET['scid'] is getting data please check echo $_GET['cid'] or you also do var_dump($_GET);

answered Aug 20 '18 at 04:23

Prakash Pandey

75
1
8

What part of my code is causing an Undefined Index error? (PHP)

2 Answers2