-1

I am trying to pull data from the database and export it in the HTML, with the set variables. It gives me undefined variables every time. I am assuming because the data is missing? I get a good connection to the host and database, as I have run test scripts on those. Anyhow, here is the code:

Update: Thank you for the prompt responses, unfortunately still not having much luck. I returned the $id assignment, leaving that out was by accident, and I have tried with and without the while loop; I also tried to define default variables. Nothing seems to work. I keep getting "Data to render this page is missing, unless I remove that error from the code, then I get the undefined variable errors. Anyone have any final thoughts? I am brand new to SQL so it's probably something dumb that you guys are too smart to think of.

<?php if (isset($_GET['id'])) {
    include "storescripts/connect_to_mysql.php";    $id = preg_replace('#[^0-9]#i', '', $_GET['id']);   $sql = mysqli_query("SELECT * FROM products WHERE id='$id' LIMIT 1");   $productCount = mysqli_num_rows($sql);
    if ($productCount > 0) {        while($row = mysqli_fetch_array($sql)){ 
             $product_name = $row["product_name"];
             $price = $row["price"];
             $details = $row["details"];
             $category = $row["category"];
             $subcategory = $row["subcategory"];
         }
            } else {        echo "That item does not exist.";
        exit();     }        } else {   echo "Data to render this page is missing.";    exit(); } ?>
Beau
  • 5
  • 3
  • 1
    Since you define the variables inside the while-loop, they will only be defined if there is a match in the database. If there is no match, the variables won't be created and you'll get `undefined variable: xxx` if you still try and use them. Either define default values for them before the while-loop, or check if they are defined when echoing them, like this: `echo $product_name ?? 'default-value';`. The default value will be echoed in case `$product_name` is defined and not null. – M. Eriksson Oct 09 '20 at 06:29
  • Use prepared statements to avoid sql injection. – AbsoluteBeginner Oct 09 '20 at 07:39
  • 1
    What @MagnusEriksson said also applies if `$_GET['id']` is not set. – Nick Oct 09 '20 at 11:04

3 Answers3

0

Since your query is going to return just one result(Limit = 1 in the query), you should do away with the while loop.

You'll only need it if you were to iterate over more than one row.

The variables declared in the while loop will always be undefined outside the loop.

if ($productCount > 0) {
    // get all the product details
         $product_name = $row["product_name"];
         $price = $row["price"];
         $details = $row["details"];
         $category = $row["category"];
         $subcategory = $row["subcategory"];
         $date_added = strftime("%b %d, %Y", strtotime($row["date_added"]));   
}
Professorval
  • 183
  • 2
  • 10
-1

Try using $row = mysqli_fetch_assoc($sql) instead of $row = mysqli_fetch_array($sql) in the while loop. If i remember correctly mysqli_fetch_array() function returns a numeric array, but you need to get an associative one.

Vladyslav Topchii
  • 40
  • 5
-2
 $sql = mysqli_query($connect, "SELECT * FROM products WHERE id='$id' LIMIT 1");

Missed assigning value to '$id' you are getting the value of the id but it's not assigned to $id

$id=$_GET['id'];
$sql = mysqli_query($connect, "SELECT * FROM products WHERE id='$id' LIMIT 1");

add this above sql query

sai m
  • 1
  • 1
  • 1
    While technically correct regarding the variable assignment there, this doesnt mention the others as Magnus's comment shows. More problematic though, this code is extremely susceptible to [sql injection](https://www.acunetix.com/websitesecurity/sql-injection/). You should use [prepared statements with parameter binding](https://phpdelusions.net/pdo). – Wesley Smith Oct 09 '20 at 06:37
  • I am new to PHP tbh any server-side language I am totally unaware of SQL Injections. I think the data of the company I am working at risk. – sai m Oct 10 '20 at 05:38