1

I was trying to complete an exercise but I got these 2 errors:

Notice: Undefined index: Id_sessione in C:\xampp\htdocs\Challenge\Recensione.php on line 24

Notice: Undefined index: Cod_sessione in C:\xampp\htdocs\Challenge\Recensione.php on line 25

Usually I know how to solve the undefined index error, but this time I have already tried to change the syntax and check the tables/queries, but to me everything seems correct.

```php
$Titolo = $_POST['Titolo'];
$Rate = $_POST['Valutazione'];
$query = "Select Titolo From recensioni where Titolo = '$Titolo' limit 1";
$query2 = "Select MAX(Id_sessione) from sessione";
$query3 = "Select MAX(Cod_sessione) from recensioni";
$result = $conn->query($query);
$result2 = $conn->query($query2);
$result3 = $conn->query($query3);
$row = mysqli_fetch_assoc($result);
$row2 = mysqli_fetch_assoc($result2);
$row3 = mysqli_fetch_assoc($result3);
$controllaTitolo = $row['Titolo'];
$Sessione = $row2['Id_sessione'];
$controllaSessione = $row3['Cod_sessione'];
```

Tables Sessione:

```
+-------------+------+---------------------+
| Id_sessione | Nome | TimeA               |
+-------------+------+---------------------+
|           1 | zhao | 2019-05-17 13:04:19 |
|           2 | zhao | 2019-05-18 18:07:24 |
|           3 | zhao | 2019-05-18 18:47:20 |
|           4 | zhao | 2019-05-19 11:49:54 |
+-------------+------+---------------------+
```

recensione:

```
+---------------+---------+-------------+--------------+
| Id_recensione | Titolo  | valutazione | Cod_sessione |
+---------------+---------+-------------+--------------+
|             1 | Avenger |           3 |         NULL |
|             2 | Titanic |           4 |            4 |
+---------------+---------+-------------+--------------+
```
R.Librizzi

**Warning:** You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use parameterized [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of manually building your queries like that. Especially since you're not escaping the user inputs at all! – M. Eriksson May 19 '19 at 11:18

1 Answer

0

You need a proper column alias in the query, and to use the column alias as the index,

e.g. max_id and max_cod

```php
$Titolo = $_POST['Titolo'];
$Rate = $_POST['Valutazione'];
$query = "Select Titolo From recensioni where Titolo = '$Titolo' limit 1";
// The aliases max_id / max_cod become the keys of the fetched rows
$query2 = "Select MAX(Id_sessione) max_id from sessione";
$query3 = "Select MAX(Cod_sessione) max_cod from recensioni";
$result = $conn->query($query);
$result2 = $conn->query($query2);
$result3 = $conn->query($query3);
$row = mysqli_fetch_assoc($result);
$row2 = mysqli_fetch_assoc($result2);
$row3 = mysqli_fetch_assoc($result3);
$controllaTitolo = $row['Titolo'];
$Sessione = $row2['max_id'];
$controllaSessione = $row3['max_cod'];
```

Anyway, you should not use a PHP var in an SQL query; you are at risk of SQL injection. To avoid this, you should take a look at your DB driver's prepared statements and param binding.

ScaisEdge
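
The prepared-statement approach that both the comment and the answer recommend, applied to the question's three queries, as an added example (not code from the original posts). It assumes the mysqli driver used on the page; the credentials, database name and the helper names `findTitolo` and `maxByAlias` are hypothetical.

```php
<?php
// Added example, not from the original question or answer.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

// Placeholder credentials and database name (assumptions).
$conn = new mysqli('localhost', 'db_user', 'db_password', 'challenge_db');

// Hypothetical helper: the stored title, or null when no review matches.
function findTitolo(mysqli $conn, string $titolo): ?string
{
    $stmt = $conn->prepare('SELECT Titolo FROM recensioni WHERE Titolo = ? LIMIT 1');
    $stmt->bind_param('s', $titolo); // bound as data, never parsed as SQL
    $stmt->execute();
    $stmt->bind_result($found);
    $hasRow = $stmt->fetch();        // true: row fetched, null: no row
    $stmt->close();
    return $hasRow ? $found : null;
}

// Hypothetical helper: runs an aggregate query and reads the value by alias.
// $sql must be a constant string, never built from request input.
function maxByAlias(mysqli $conn, string $sql, string $alias): ?int
{
    $row = $conn->query($sql)->fetch_assoc(); // MAX() always yields one row
    // MAX() is NULL for an empty table or an all-NULL column.
    return $row[$alias] === null ? null : (int) $row[$alias];
}

// Accept only a string; a missing or array-valued field becomes ''.
$raw    = $_POST['Titolo'] ?? '';
$Titolo = is_string($raw) ? $raw : '';

$controllaTitolo   = findTitolo($conn, $Titolo);
$Sessione          = maxByAlias($conn, 'SELECT MAX(Id_sessione) AS max_id FROM sessione', 'max_id');
$controllaSessione = maxByAlias($conn, 'SELECT MAX(Cod_sessione) AS max_cod FROM recensioni', 'max_cod');
```

The two `MAX()` queries take no user input, so they need no bound parameters; only the `Titolo` lookup does.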