-1

I am trying to create my portfolio website where I can add content (such as projects, skills etc.) from a dashboard that only I can access.

I'm now working on updating experiences but it keeps telling me: `Notice: Undefined index: id in D:\projects\personal_portfolio\classes\databaseQueries.php on line 245`, which is this line: `$id =$this->conn->real_escape_string($_GET["id"]);`. This is the exact same line I used in the function for the projects.

It doesn't make sense to me because it is essentially the same function I used for updating projects. And with updating projects it just works fine and doesn't cause any errors.

This is the function for getting experiences to display in the inputs and right under it is the function which is supposed to update the experiences:

```php
public function getExperienceUpdate(){
    $id =$this->conn->real_escape_string($_GET["id"]);
    $query = "SELECT * FROM experience WHERE id = '$id'";
    $result = $this->conn->query($query);
    if($result){
        if ($result->num_rows > 0) {
            $data = array();
            while ($row = $result->fetch_assoc()) {
                $data[] = $row;
            }
            return $data;
            var_dump($id, $query, $result);exit();
        }else{
            echo "No records found";
        }
    }else {
        echo "error in ".$query."<br>".$this->conn->error;
    }
}
```

```php
public function putExperience(){
    $function = $this->conn->real_escape_string($_POST['function']);
    $company = $this->conn->real_escape_string($_POST['company']);
    $place = $this->conn->real_escape_string($_POST['place']);
    $summary = $this->conn->real_escape_string($_POST['summary']);
    $period = $this->conn->real_escape_string($_POST['period']);
    $companywebsite = $this->conn->real_escape_string($_POST['companywebsite']);
    $id = $this->conn->real_escape_string($_POST['id']);
    if (!empty($id) && !empty($postData)) {
        $query = "UPDATE experience SET (function, company, place, summary, period, companywebsite) VALUES ($function, $company, $place, $summary, $period, $companywebsite) WHERE id = '$id'";
        $sql = $this->conn->query($query);
        if ($sql==true) {
            header("Location: index.php?content=message&alert=update-experience-success");
        }else{
            header("Location: index.php?content=message&alert=updateProject-error");
        }
    }
}
```

This is the function for getting the projects to display in the inputs and right under it is the function which is supposed to update the projects:

```php
public function displayProjectUpdate()
{
    $id =$this->conn->real_escape_string($_GET["id"]);
    $query = "SELECT * FROM projects WHERE id = '$id'";
    $result = $this->conn->query($query);
    if($result){
        if ($result->num_rows > 0) {
            $data = array();
            while ($row = $result->fetch_assoc()) {
                var_dump($id, $query);exit();
                $data[] = $row;
            }
            return $data;
        }else{
            echo "No found records";
        }
    }else {
        echo "error in ".$query."<br>".$this->conn->error;
    }
}
```

```php
public function updateProjects($postData) {
    $filename = $this->conn->real_escape_string($_POST['filename']);
    $name = $this->conn->real_escape_string($_POST['name']);
    $githublink = $this->conn->real_escape_string($_POST['githublink']);
    $websitelink = $this->conn->real_escape_string($_POST['websitelink']);
    $p1 = $this->conn->real_escape_string($_POST['p1']);
    $p2 = $this->conn->real_escape_string($_POST['p2']);
    $p3 = $this->conn->real_escape_string($_POST['p3']);
    $p4 = $this->conn->real_escape_string($_POST['p4']);
    $id = $this->conn->real_escape_string($_POST['id']);
    if (!empty($id) && !empty($postData)) {
        $query = "UPDATE projects SET filename = '$filename', name = '$name', githublink = '$githublink', websitelink = '$websitelink', p1 = '$p1', p2 = '$p2', p3 = '$p3', p4 = '$p4' WHERE id = '$id'";
        $sql = $this->conn->query($query);
        if ($sql==true) {
            header("Location: index.php?content=message&alert=updateProject-success");
        }else{
            header("Location: index.php?content=message&alert=updateProject-error");
        }
    }
}
```

All help is much appreciated!

Thanks in advance!

  • 2
    Clearly the `id` URL parameter doesn't exist. I cannot tell why. – KIKO Software Oct 08 '22 at 12:35
  • Welcome to Stack Overflow, magicalassembler! We can't exactly tell why `id` doesn't exist in `$_GET`. You should try to narrow down your problem: 1) on what page this problem occurs; 2) does the page have `id` in its query string parameter when the problem arises; 3) try to `var_dump($_GET)` and then call `die()`, then see if `id` exists or not. – Bagus Tesa Oct 08 '22 at 12:50
  • 1
    You should stop using `mysqli_real_escape_string()` as it's [not as secure as one might think](https://stackoverflow.com/questions/32391315/is-mysqli-real-escape-string-enough-to-avoid-sql-injection-or-other-sql-attack). Use prepared statements with placeholders instead. You can read [how to prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) to get a quick example of how to use them. – M. Eriksson Oct 08 '22 at 12:52
  • Please clarify how you are calling whichever of the functions it is that is failing - hyperlink, form submission etc – Professor Abronsius Oct 08 '22 at 13:08
  • @ProfessorAbronsius I have a foreach loop in a form and the id sits in the value of an input of type hidden within an anchor tag together with a submit button. And so, when the button is clicked, it should just update the records. – magicalassembler Oct 08 '22 at 13:57

1 Answer

0

I changed the query from

```php
$query = "UPDATE experience SET (function, company, place, summary, period, companywebsite) VALUES ($function, $company, $place, $summary, $period, $companywebsite) WHERE id = '$id'";
```

to

```php
$query = "UPDATE experience SET function = '$function', company = '$company', place = '$place', summary = '$summary', period = '$period' WHERE id = '$id'";
```

and it works now.

I probably had a typo somewhere in the query so I decided to just redo the functions and now it's working!
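
Added example, not part of the original posts: the working `UPDATE` from this answer written with a mysqli prepared statement, as the comment under the question recommends, and with the `id` checked before use so a missing value cannot raise the "Undefined index" notice. The function name `updateExperience`, its `$input` parameter, the boolean return value and the connection details in the usage comment are assumptions; table, column and alert names are taken from the post.

```php
<?php
declare(strict_types=1);

/**
 * Illustrative rewrite (assumed name and signature, not the poster's code).
 * Returns true when the statement executed, false on bad input or failure.
 */
function updateExperience(mysqli $conn, array $input): bool
{
    // Reject a missing or non-numeric id up front: no notice is raised
    // and no UPDATE runs without a usable WHERE value.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;
    }

    // Columns as in the answer's working query.
    $fields = ['function', 'company', 'place', 'summary', 'period'];
    $params = [];
    foreach ($fields as $field) {
        if (!isset($input[$field]) || !is_string($input[$field])) {
            return false; // incomplete or malformed form post
        }
        $params[] = $input[$field];
    }
    $params[] = $id;

    // Placeholders keep user data out of the SQL text, so no escaping
    // or quoting of values is needed. `function` is a MySQL keyword,
    // hence the backticks around the column name.
    $stmt = $conn->prepare(
        'UPDATE experience
            SET `function` = ?, company = ?, place = ?, summary = ?, period = ?
          WHERE id = ?'
    );
    if ($stmt === false) {
        return false; // only reached when mysqli exceptions are disabled
    }

    $stmt->bind_param('sssssi', ...$params); // five strings, one integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage in the form handler (connection details are placeholders):
// $conn = new mysqli('localhost', 'user', 'password', 'portfolio');
// $ok = updateExperience($conn, $_POST);
// header('Location: index.php?content=message&alert='
//     . ($ok ? 'update-experience-success' : 'updateProject-error'));
```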