This is an API. When the API is null I want to show a "no record found" result, but it shows me the error "Undefined variable: query". I don't know why this error occurs.

    <?php
    header('Access-Control-Allow-Origin: *');
    header('Content-type: application/json');
    include '../includes/database.php';

    if (isset($_GET['id'])) {
        $forum_id = $_GET['id'];
        $query = mysqli_query($con, "SELECT comment FROM forum WHERE id=$forum_id");
        while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
            // the selected column is `comment`, so read it from the fetched row
            $arr[] = array('id' => $forum_id, 'Comment' => $row['comment']);
        }
    } else {
        if (isset($_GET['Comment']) && isset($_GET['user_id']) && isset($_GET['forum_id'])) {
            $user_id = $_GET['user_id'];
            $forum_id = $_GET['forum_id'];
            $image = 'img/avatar.svg';
            $Comment = mysqli_real_escape_string($con, $_GET['Comment']);
            $query = mysqli_query($con, "INSERT INTO `comment` SET `forum_id` = '" . $forum_id . "',`user_id` = '" . $user_id . "',`Comment` = '" . $Comment . "',`image` = '" . $image . "'");
            if (!$query) {
                $msg = 'False';
            } else {
                $msg = 'True';
            }

            $last_id = mysqli_insert_id($con) . '';
            $final_timestamp = $db->getEachById($con, 'date', 'comment', $last_id);
            $final_timestamp = $db->getElapsedTime($final_timestamp);
            $respond['message'] = $msg;

            $arr = array('id' => $last_id, 'Comment' => $Comment, 'date' => $final_timestamp, 'user_id' => $user_id);
        }
    }

    if (isset($_GET['forum_id'])) {
        $forum_id = $_GET['forum_id'];
        $query = mysqli_query($con, "SELECT * FROM comment WHERE forum_id=$forum_id ORDER BY id DESC");
        while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
            $id = $row['id'];
            $forum_id = $row['forum_id'];
            $user_id = $row['user_id'];
            $name = $db->getEachById($con, 'name', 'users', $user_id);
            $image = 'https://jansherjr.com/' . $row['image'];
            $Comment = $row['Comment'];
            $date = $db->getElapsedTime($row['date']);
            $arr[] = array('id' => $id, 'forum_id' => $forum_id, 'user_id' => $user_id, 'Comment' => $Comment, 'name' => $name, 'image' => $image, 'date' => $date);
        }
    }

    // $query is only ever assigned inside the branches above
    if (mysqli_num_rows($query) > 0) {
        $respond['comment'] = $arr;
        print json_encode($respond);
    } else {
        $arr[] = array('msg' => 'no records found');
        $respond['comment'] = $arr;
        print json_encode($respond);
    }
    ?>

The issue comes at the IF statement at the end: undefined variable "query". When the API is null I want to show a "no record found" result, but it shows me the error "Undefined variable: query". I don't know why this error occurs while I am using the query variable at the top.

Please help me!

Anonymous
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Jul 28 '22 at 10:09

1 Answer

If you look at your code carefully, you can notice that there is a way for the variable `$query` to be undefined:

  1. if the 1st condition `if (isset($_GET['id']))` is not met, then it will go to the else clause;
  2. then in the else clause, the condition `if (isset($_GET['Comment']) ...` can be falsy; in this case, `$query` is still undefined;
  3. then if the next condition `if (isset($_GET['forum_id']))` is not met as well, `$query` will remain undefined.

yolenoyer
  • Please address me what should I do? – Muhammad muzammil Jul 28 '22 at 10:11
  • In a general way, you have to ensure that the variable will be defined in all situations. I just showed you a possible situation (combination of if and else) where it's not the case. You have to handle this case in a more robust way. For example you could test `if (!isset($query)) { /** then handle error... */ }`, but now it's up to you – yolenoyer Jul 28 '22 at 11:46
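A rewrite of the comment-listing branch, added here as an example and not taken from the question or the answer, that does both things raised on this page: the result array is defined before any branch so the final block never touches an undefined variable, and `forum_id` is validated and bound as a prepared-statement parameter instead of being interpolated into the SQL string. It assumes `$con` is the open mysqli connection from `database.php` and that the mysqlnd driver is present (required by `mysqli_stmt_get_result`); the `$db->getEachById` / `$db->getElapsedTime` helpers are left out because their code is not on the page.

```php
<?php
// Added example, not the asker's code. Assumes $con is an open mysqli
// connection created by database.php and that the mysqlnd driver is present
// (needed for mysqli_stmt_get_result).
header('Access-Control-Allow-Origin: *');
header('Content-type: application/json');
include '../includes/database.php';

// Defined before any branch, so the final block cannot hit an undefined variable.
$rows = [];

function fail(int $status, string $msg): void {
    http_response_code($status);
    print json_encode(['comment' => [['msg' => $msg]]]);
    exit;
}

if (isset($_GET['forum_id'])) {
    // Validate the type first: anything that is not an integer is rejected.
    $forum_id = filter_var($_GET['forum_id'], FILTER_VALIDATE_INT);
    if ($forum_id === false) {
        fail(400, 'forum_id must be an integer');
    }
    // Prepared statement: the value is sent separately from the SQL text, so
    // quotes or extra clauses inside forum_id cannot change the query.
    $stmt = mysqli_prepare($con, 'SELECT id, forum_id, user_id, Comment, image, date '
                               . 'FROM comment WHERE forum_id = ? ORDER BY id DESC');
    if ($stmt === false) {
        fail(500, 'query could not be prepared');
    }
    mysqli_stmt_bind_param($stmt, 'i', $forum_id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    while ($row = mysqli_fetch_assoc($result)) {
        $rows[] = [
            'id'       => $row['id'],
            'forum_id' => $row['forum_id'],
            'user_id'  => $row['user_id'],
            'Comment'  => $row['Comment'],
            'image'    => 'https://jansherjr.com/' . $row['image'],
            'date'     => $row['date'],
        ];
    }
    mysqli_stmt_close($stmt);
}

// Single exit path: $rows always exists, so an empty result is reported
// without consulting a possibly undefined $query.
$respond = ['comment' => $rows !== [] ? $rows : [['msg' => 'no records found']]];
print json_encode($respond);
```

The same pattern (validate, prepare, bind) applies to the `id` and INSERT branches of the original script; `mysqli_real_escape_string` on `Comment` alone does not protect the unquoted `forum_id` and `user_id` values.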