ERROR :- Undefined variable: raw While Transfering data between 2 pages

Question

manageleavetype.php

Below code is my first file page I want to redirect this page form content into next file code edit.php. I want want to update the data from the next page.

<form action="" method="POST">
<tr>
<td><?php echo $type; ?></td>
<td><?php echo $des; ?></td>
<td><?php echo $time; ?></td>
<input type="hidden" name="hid" value="<?php echo $id; ?>">
<input type="hidden" name="htype" value="<?php echo $type; ?>">
<input type="hidden" name="hdes" value="<?php echo $des; ?>">
<td><input type="submit" name="del" value="DELETE">
<input type="submit" name="update" value="UPDATE">
</td></form></tr>

edit.php

This file except the code from above file and update the data that is received into MySQL database

<?php

require 'config.php';

if (isset($_POST['update'])) {
    $eid = $_POST['hid'];
    $que = "SELECT * FROM leavetype WHERE id='$eid'";
    $exe = mysqli_query($conn, $que);
    $raw = mysqli_fetch_array($exe);
}

if (isset($_POST['update'])) {
    $nwtype = $_POST['ltype'];
    $nwdes = $_POST['ldes'];

    $que = "UPDATE leavetype SET leavetype='$nwtype',description='$nwdes' WHERE id='$eid'";
    $exe = mysqli_query($conn, $que);
    if ($exe) {
        header("location:manageleavetype.php");
    }
}

?>
<form method="POST">
<label>Leave Type</label>
<input type="text" name="ltype" value="<?php echo $raw['leavetype']; ?>">
<label>Description</label>
<input type="text" name="ldes" value="<?php echo $raw['description']; ?>">
<input type="submit" name="update" value="Update">

</form>

When I run this program following error is coming:

Notice: Undefined variable: raw in C:\wamp64\www\eLeaveSystem\edit.php on line 31

**Warning:** You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](http://php.net/manual/en/pdo.prepared-statements.php) or by [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Never trust any kind of input, especially that which comes from the client side. Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). — Dharman, Jan 20 '19 at 12:17

score 1 · Answer 1 · answered Jan 20 '19 at 13:34

When you only define variables within an if block, you risk getting that error. In your case you define $raw only when update is posted:

if (isset($_POST['update'])) {
    $eid = $_POST['hid'];
    $que = "SELECT * FROM leavetype WHERE id='$eid'";
    $exe = mysqli_query($conn, $que);
    $raw = mysqli_fetch_array($exe);
}

But you access that variable unconditionally in the HTML generation part, like here:

<input type="text" name="ltype" value="<?php echo $raw['leavetype']; ?>">

So you have a few options:

Put the HTML generation part also in such an if block. Then you need to have another part in your code where you generate output for when no update is posted.
Define default values for those variables. For example $raw = ['leavetype' => 'something', 'description' => 'default description'].

score 0 · Answer 2 · answered Jan 20 '19 at 13:48

You can simply solve this issue by using the isset() function to avoid undefined variable issue.

Try below:

<form method="POST">
    <label>Leave Type</label>
    <input type="text" name="ltype" value="<?php echo (isset($raw['leavetype']) ? $raw['leavetype'] : '');?>">
    <label>Description</label>
    <input type="text" name="ldes" value="<?php echo (isset($raw['description']) ? $raw['description'] : ''); ?>">
    <input type="submit" name="update" value="Update">
</form>

I assume that the form block should appear for both Update and Insert.

ERROR :- Undefined variable: raw While Transfering data between 2 pages

2 Answers2