-1

Why am I getting this error?

Notice: Undefined variable: subject in C:\xampp\htdocs\Bcc Online Exam and Quiz System\admins\assessments\results\index.php on line 156

 $stmt = $conn->prepare("SELECT * FROM  studentresult_exams as SRE, examproper as E, users as U WHERE SRE.test_id = E.test_id and E.user_id = '$user_id' and U.user_id = SRE.student_id AND test_desc LIKE '%$course%' AND category_exam LIKE '%$subject%' AND year LIKE '%$semester%' ORDER BY percentage DESC");
epascarello
  • This has nothing to do with javascript, html, jquery, or css. Sounds like you did not define a variable. Do yourself a favor and show all your code. If you do not show more code it will be closed. – epascarello Mar 08 '19 at 03:41
  • Also, insert rant about SQL injection. Provide links to posts where [SQL Injection is defined](https://stackoverflow.com/questions/601300/what-is-sql-injection) and [dealt with](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –  Mar 08 '19 at 03:56
  • It seems that you haven't defined the variable $subject in your code before the query. You should define it to make it work. Also, your code is open to SQL injection. Please go through that to avoid a security vulnerability. – Rohit Mittal Mar 08 '19 at 04:31

2 Answers

2

This is a very basic question; you should define the variable before accessing it!

$subject = 'xxx';
$stmt = ...
user3322481
0

It's impossible to know why you're getting this error without more code. That said, the usual reason to get this error is usually because you're using a variable before you've set it. It's really undefined.

$mystring = "Blah blah $subject"; // bad. $subject doesn't exist yet.

$subject = "Hello World!"; // do this first

$mystring = "Blah blah $subject"; // Good, because $subject now has a value

Of course, it could be something else, like it could be because you unset() it somewhere beforehand, or possibly the code you think is setting it is actually not (don't ask me why without posting more code). In fact, it could be a typo somewhere else in your code. But generally, this usually is the answer. If this doesn't work for you, I would suggest you post a slightly larger snippet of code. That way, we can dig into exactly why you are getting this error and help you better.


Side note: I should also mention (as many people probably will eventually) that your code is also vulnerable to SQL Injection. This can be fixed. I only mention it because a) others will if I don't, and b) this can be a very nasty vulnerability to have. You don't want a breach to happen to you!
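The following is an added example, not part of either answer or of the asker's code: it shows the question's query with every value bound as a parameter and with a default for missing input. It assumes `$conn` is a PDO connection (an in-memory SQLite database stands in here); the schema, the table each column belongs to, the sample rows and the helper names `likeContains` and `findResults` are constructed for illustration.

```php
<?php
// Added example. Schema, column placement and rows are constructed for illustration.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("
    CREATE TABLE users (user_id INTEGER, name TEXT);
    CREATE TABLE examproper (test_id INTEGER, user_id INTEGER, test_desc TEXT,
                             category_exam TEXT, year TEXT);
    CREATE TABLE studentresult_exams (test_id INTEGER, student_id INTEGER, percentage REAL);
    INSERT INTO users VALUES (1, 'teacher'), (2, 'alice'), (3, 'bob');
    INSERT INTO examproper VALUES (10, 1, 'BSIT', 'Math 100%', '1st'),
                                  (11, 1, 'BSIT', 'Math 1000', '1st');
    INSERT INTO studentresult_exams VALUES (10, 2, 91.5), (11, 3, 78.0);
");

// Hypothetical helper: escape LIKE wildcards with '!' so user text matches
// literally, then add the surrounding % in PHP rather than in the SQL string.
function likeContains(string $value): string
{
    return '%' . strtr($value, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Hypothetical helper: same query shape as the question, with every value bound.
function findResults(PDO $conn, int $userId, array $input): array
{
    $stmt = $conn->prepare(
        "SELECT U.name, E.category_exam, SRE.percentage
           FROM studentresult_exams AS SRE, examproper AS E, users AS U
          WHERE SRE.test_id = E.test_id AND E.user_id = :user_id
            AND U.user_id = SRE.student_id
            AND E.test_desc LIKE :course ESCAPE '!'
            AND E.category_exam LIKE :subject ESCAPE '!'
            AND E.year LIKE :semester ESCAPE '!'
          ORDER BY SRE.percentage DESC"
    );
    // '??' supplies a default for absent keys, so a missing field raises no notice.
    $stmt->execute([
        ':user_id'  => $userId,
        ':course'   => likeContains($input['course'] ?? ''),
        ':subject'  => likeContains($input['subject'] ?? ''),
        ':semester' => likeContains($input['semester'] ?? ''),
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a request with no 'subject', then values containing % and '.
print_r(findResults($conn, 1, ['course' => 'BSIT', 'semester' => '1st']));
print_r(findResults($conn, 1, ['subject' => '100%']));
print_r(findResults($conn, 1, ['subject' => "O'Neil 100%"]));
```

The `ESCAPE '!'` clause is used instead of a backslash because it is written the same way for SQLite and MySQL; bound values reach the database as data, so quotes in the input cannot change the statement.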