I’m new to programming and now I’m working on a project, this project already have prototype that is made by senior student, but now there’s have multiple error in php file, and I can’t find a way to contact him, I google a lot and tried many way to fix it but doesn’t work, this is really driving me crazy.
here some example:
Warning: Undefined array key "id" in C:xampphtdocswarmhouseaeadmin.php on line 9
<?php
$result=All("select * from admin where id='1".$_GET["id"]."'");
foreach($result as $row)
{
?>
and this one:
C:xampphtdocswarmhouseaeditu.php on line 5
" enctype="multipart/form-data">
Warning: Undefined array key "id" in C:xampphtdocswarmhouseaeditu.php on line 8
<?php
require_once('sql.php'); ?>
<h1>ChangeMember</h1><br>
<form id="form" method="post" action="api.php?do=editu&id=<?=$_GET["id"]?>" enctype="multipart/form-data">
<?php
$result=All("select *from user where u_id='".$_GET["id"]."'");
foreach($result as $row)
{
?>
basically it’s seems like every file that have $_GET or $_POST something like this will have error, if someone need more information, just ask, I’ve been trying to solve this by myself several weeks, thank you.
I’m on PC and using xampp and phpmyadmin
2
Answers
The error explains it perfectly. There’s no
idkey in the$_GETparameters. If you visityoursite.com/aeadmin.phpit will throw an error because you aren’t supplying theidparameter, but if you visityoursite.com/aeadmin.php?id=123it will run fine.Add some checks before
$_GET["id"]is used to check if it exists, and do something else if it does not exist:As a tangent, it appears you are wide open to SQL Injections and should use parameterized prepared statements instead of manually building your queries. See PDO or MySQLi prepared statements.
//copy this line past on the top of your php code
$id = !isset($_GET[‘id’])? "" : $_GET[‘id’];
$qs="select *from user where u_id=’".$id."’";