0

I have the following errors when executing my code:

[client 127.0.0.1:50592] PHP Notice:  Undefined index: abonent in C:\\Bitnami\\wampstack-7.1.19-0\\apache2\\htdocs\\Piggyservice\\show-balance.php on line 5
[client 127.0.0.1:50592] PHP Warning:  mysqli_query(): Empty query in C:\\Bitnami\\wampstack-7.1.19-0\\apache2\\htdocs\\Piggyservice\\Common.php on line 27
[client 127.0.0.1:50592] PHP Warning:  mysqli_query(): Empty query in C:\\Bitnami\\wampstack-7.1.19-0\\apache2\\htdocs\\Piggyservice\\Common.php on line 28
[client 127.0.0.1:50592] PHP Warning:  mysqli_error() expects exactly 1 parameter, 0 given in C:\\Bitnami\\wampstack-7.1.19-0\\apache2\\htdocs\\Piggyservice\\Common.php on line 28

Here is the common.php file:

<?php
require_once 'config.php';
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'wp_fs';
$con = mysqli_connect("127.0.0.1", "root", " ", "wp_fs") or die("Unable to Connect to '$dbhost'");
function getConnection()
{
$con = mysqli_connect("127.0.0.1", "root", " ", "wp_fs");
if(!mysqli_select_db( $con,"wp_fs"))
    die('Could not select database');
return $con;
}
function createAccount($abonent)
{
$con = getConnection();
$query = "INSERT INTO `accounts`(`abonent`, `balance`) values($abonent, ".DEFAULT_BALANCE.")";
if(!mysqli_query($con,$query))
    die('createAccount: Query failed: ' . mysqli_error());
}
function getBallance($abonent)
{
$con = getConnection();
$query = mysqli_query($con,"SELECT `balance` FROM `accounts` WHERE `abonent` = $abonent");
$result = mysqli_query($con,$query );
if(!mysqli_query($con, $query)) die('getBallance: Query failed: ' . mysqli_error());
if(mysqli_num_rows($result) == 0)   
{
    return -1;
}
$data = mysqli_fetch_array($result);
return $data['balance'];
}
function setBalance($abonent, $balance)
{
$con = getConnection();
$query = "UPDATE `accounts` SET `balance`= $balance WHERE `abonent` = $abonent";
if(!mysqli_query($con,$query))
    die('setBalance: Query failed: ' . mysqli_error());
}
?>

What I want to do is get the balance when calling show-balance.php:

<?php
require_once 'common.php';
if(isset($_POST['abonent']))
die("Not enough parameters");
$abonent = $_POST['abonent'];
$balance = getBallance($abonent);
if($balance == -1)
{
createAccount($abonent);
$balance = DEFAULT_BALANCE;
}
header('Content-Type: text/xml');
print '<?xml version="1.0" encoding="UTF-8"?>'
?>
<page version="2.0">
<title>Balance</title>
<div>
    Your balance is <?=$balance?>
</div>
<navigation>
    <link accesskey="0" pageId="a01.xml" type="back">Back</link>
</navigation>
</page>

The test database has only one table (accounts) with two columns, "abonent" and "balance".

When testing the link:
http://127.0.0.1/pigyservice/show-balance.php?abonent=12406774740&subscriber=12406774740

I have the following error: getBallance: Query failed

Dave Molt
  • 1
    It's WordPress, you should be using the WordPress built in query functions unless you have a really good reason not to. The WP query methods even work for non-WP generated tables, which is what you appear to have. – Difster Oct 14 '18 at 22:13
  • The undefined index is the reason for $abonent being null, which is the reason for mysqli_query to fail. mysqli_error needs $con as param. – Jeff Oct 14 '18 at 22:16
  • 1
    I think your logic on `if(isset($_POST['abonent'])) die("Not enough parameters");` is wrong. I think you want `if(!isset($_POST['abonent']))` – Sean Oct 14 '18 at 22:17

1 Answer

0

You are passing parameters in the URI query string, and those values are accessible in PHP through $_GET or $_REQUEST, but you're checking $_POST.

You're also checking whether $_POST["abonent"] has a value; you need to invert the logic to check whether it's empty:

if ( ! isset ( $_POST["abonent"]))
{
  die ( "Not enough parameters");
}

You can use $_REQUEST (which mixes GET and POST request variables):

if ( ! isset ( $_REQUEST["abonent"]))
{
  die ( "Not enough parameters");
}
$abonent = $_REQUEST["abonent"];

Also, be careful with SQL injection: don't pass external parameters directly to your query. You can read about PHP SQL injection in this link.

Ernani Azevedo
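
The SQL injection caution in the answer above, as an added example that is not part of the original question or answer: the question's `getBallance()` and `createAccount()` rewritten with mysqli prepared statements, with `abonent` validated before it reaches the database. The function signatures, the `getBalance` spelling, the `parseAbonent()` helper, the 5 to 15 digit range, the `balance_app` user, the `DB_PASS` environment variable and the `0` initial balance are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Accept only a digit string (assumed format: 5 to 15 digits), else null. */
function parseAbonent($raw): ?string
{
    return (is_string($raw) && preg_match('/^[0-9]{5,15}$/D', $raw) === 1) ? $raw : null;
}

/** Balance for $abonent, or null when no account row exists. */
function getBalance(mysqli $con, string $abonent): ?string
{
    $stmt = $con->prepare('SELECT `balance` FROM `accounts` WHERE `abonent` = ?');
    $stmt->bind_param('s', $abonent); // value is sent separately from the SQL text
    $stmt->execute();
    $stmt->bind_result($balance);
    $found = $stmt->fetch();          // true = row fetched, null = no row
    $stmt->close();
    return $found ? (string) $balance : null;
}

function createAccount(mysqli $con, string $abonent, int $initialBalance): void
{
    $stmt = $con->prepare('INSERT INTO `accounts` (`abonent`, `balance`) VALUES (?, ?)');
    $stmt->bind_param('si', $abonent, $initialBalance);
    $stmt->execute();
    $stmt->close();
}

// Request handling; skipped when the file is run from the CLI.
if (PHP_SAPI !== 'cli') {
    $abonent = parseAbonent($_GET['abonent'] ?? null);
    if ($abonent === null) {
        http_response_code(400);
        exit('Missing or malformed abonent');
    }
    // Assumed: a least-privilege DB user and a password from the environment.
    $con = new mysqli('127.0.0.1', 'balance_app', getenv('DB_PASS') ?: '', 'wp_fs');
    $initial = 0; // placeholder for the page's DEFAULT_BALANCE constant
    $balance = getBalance($con, $abonent);
    if ($balance === null) {
        createAccount($con, $abonent, $initial);
        $balance = (string) $initial;
    }
    header('Content-Type: text/plain');
    echo 'Your balance is ', $balance;
}
```

With bound parameters, a value such as `1 OR 1=1` is rejected by `parseAbonent()` and, even if validation were skipped, would be compared as a literal string rather than parsed as SQL.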