
Good Afternoon,

I am currently working through a lab task for my course and the provided solution is giving me an error which I don't understand. The error is

Warning: Undefined array key "animal" in C:\xampp\htdocs\PE7045\week 6\zoo1.php on line 12

I know the connection to my DB is OK, I have used that script multiple times. I am just confused with the undefined array key.

It's coming from this code: `$animalID = $_REQUEST['animal'];`

Should it not be asking for some user input with the $_Request?

Many thanks !



    <!DOCTYPE html>
    <html lang="en">
        <head>
            <meta charset="utf-8" />
            <title>Week 6 task 3-2</title>
        </head>
        <body>
            <h1>Zoo - Display Name for One Animal</h1>
            <p>
                <?php
                
                    $animalID = $_REQUEST['animal'];
                    include('dbconn.php'); 
             
                    $sql = "SELECT Animalname FROM ANIMAL WHERE animalID=$animalID";
                    $queryresult = mysqli_query($conn, $sql);
    
                    //Generate link to update.php with Animal ID as parameter
                    if ($queryresult) {
                        $currentrow = mysqli_fetch_assoc($queryresult);
                        $name = $currentrow['Animalname'];
                                
                        echo "\n\tName=$name";                                              
                    }
                    mysqli_free_result($queryresult); 
                    mysqli_close($conn);
                ?>
            </p>
        </body>
    </html>
  • $_REQUEST will be filled by passing into the URL or sent by a form. – Markus Zeller Aug 24 '22 at 15:20
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Aug 24 '22 at 15:20
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Aug 24 '22 at 15:20
  • `Should it not b asking for some user input with the $_Request?`...what is "it"? How are you executing this PHP script exactly? Do you submit a HTML form, or just visit a URL, or what? Yes, there needs to be some input provided in order for the value to show in the $_REQUEST array. Since request covers both GET and POST, it can be either a querystring parameter in the URL, or a body parameter in a POST request. See also https://www.php.net/manual/en/reserved.variables.request.php and the linked articles. – ADyson Aug 24 '22 at 15:21
  • So it's just a script being run through XAMPP and by accessing the php file 'zoo1.php'. I'm pretty new to PHP so it's confusing me, especially because it's the tutor's solution. I asked at Stack Overflow first because the responses and support are usually much better. Sorry if my question is vague, but being new, it's hard to know how to ask them. – Chris M Aug 24 '22 at 15:29
  • `by accessing the php file 'zoo1.php` ...well you could access `zoo1.php?animalID=1` in the simplest case - that would supply the value to PHP via the URL query parameters. – ADyson Aug 24 '22 at 15:52
  • Thanks ADyson, this helped me diagnose the issue. Embarrassingly, our tutor made a mistake but your help cleared up a route to finding it! – Chris M Aug 24 '22 at 18:59
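
A hardened form of the lookup in the question, as an added example that is not part of the original post or the course solution: it checks that `animal` is present before reading it (the source of the warning) and binds the value in a prepared statement, as the comments recommend. It assumes `dbconn.php` defines `$conn` as in the question and that `animalID` is an integer column; `readAnimalId` and `findAnimalName` are hypothetical helper names.

```php
<?php
// Added example, not the course's solution. Assumes dbconn.php defines $conn
// (a mysqli connection) as in the question, and that animalID is an integer.

/**
 * Return the validated animal ID from the request, or null if the
 * parameter is missing or is not a positive integer.
 */
function readAnimalId(array $request): ?int
{
    // isset() avoids the "Undefined array key" warning when no
    // ?animal=... query parameter or form field was sent.
    if (!isset($request['animal']) || !is_scalar($request['animal'])) {
        return null;
    }
    $id = filter_var($request['animal'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one animal name with a prepared statement; null if no row matches. */
function findAnimalName(mysqli $conn, int $animalID): ?string
{
    $stmt = mysqli_prepare($conn, 'SELECT Animalname FROM ANIMAL WHERE animalID = ?');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $animalID); // 'i': value is bound as an integer
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name);
    $found = mysqli_stmt_fetch($stmt);             // true, false on error, null if no row
    mysqli_stmt_close($stmt);
    return $found === true ? $name : null;
}

$animalID = readAnimalId($_REQUEST);
if ($animalID === null) {
    http_response_code(400);
    echo 'Missing or invalid "animal" parameter, e.g. zoo1.php?animal=1';
} else {
    include 'dbconn.php';
    $name = findAnimalName($conn, $animalID);
    // htmlspecialchars() keeps a stored name from being rendered as markup.
    echo $name === null
        ? 'No such animal.'
        : 'Name=' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    mysqli_close($conn);
}
```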
