Page 1 of 1

variable not set

Posted: Tue Oct 04, 2005 10:40 pm
by dru_nasty
Any reason why the following snippet wouldn't work.
Everything is named correctly (matching) in the database.
The db connection is fine.
But I keep getting the error_msg. I'm still a newb so bare with me.
The id is obviously not set (is that correct?)
I did some searching and found that HTTP_GET_VARS has been depricated. Could this cause the issue, or is there something else there I'm missing?

Code: Select all

// the id has to be set if not error out
if(isset($HTTP_GET_VARS['id'])){
	$query = "SELECT id, when_added, author, rating, body, title, sport, cont_type from page_content where id = '$id'";
	if($rs = mysql_query($query, $db_conn) and mysql_num_rows($rs) == 1){
		$row = mysql_fetch_array($rs);
		$arr['id'] = $row[0];
		$arr['when_added'] = $row[1];
		$arr['author'] = $row[2];
		$arr['rating'] = $row[3];
		$arr['body'] = $row[4];
		$arr['title'] = $row[5];
		$arr['sport'] = $row[6];
		$arr['cont_type'] = $row[7];
	}else{
	$error = true;
	$error_msg = "Item Id Not Found";		
	}
}else{
	$error = true;
	$error_msg = "Item Id Not Found";
}

Posted: Tue Oct 04, 2005 11:01 pm
by feyd
I would think that either $HTTP_GET_VARS isn't set or $id isn't set.. if you are expecting that $id is equal to $HTTP_GET_VARS['id'] without explicitly setting it (assuming register globals are off) then that would definitely be it. Using $_GET instead of $HTTP_GET_VARS is preferred with newer versions of PHP.

Posted: Wed Oct 05, 2005 5:20 am
by Jenk
It'll be the use of $id without defining it that is causing the error.

Always, Always explicitly define all of your variables, particularly for using within SQL statements (and cleanse them too!)

I use code similar to below when I referring to these types of situations:

Code: Select all

<?php

$id = (isset($_GET['id']) ? intval($_GET['id']) : false;

if($id){
    $query = "SELECT id, when_added, author, rating, body, title, sport, cont_type from page_content where id = '$id'";
    if($rs = mysql_query($query, $db_conn) and mysql_num_rows($rs) == 1){
        $row = mysql_fetch_array($rs);
        $arr['id'] = $row[0];
        $arr['when_added'] = $row[1];
        $arr['author'] = $row[2];
        $arr['rating'] = $row[3];
        $arr['body'] = $row[4];
        $arr['title'] = $row[5];
        $arr['sport'] = $row[6];
        $arr['cont_type'] = $row[7];
    }else{
    $error = true;
    $error_msg = "Item Id Not Found";        
    }
}else{
    $error = true;
    $error_msg = "Item Id Not Found";
} 
?>
If the field 'id' is not an integer value, then use mysql_real_escape_string() instead of intval().

Posted: Wed Oct 05, 2005 8:49 am
by dru_nasty
Thanks guys,

I'll try out some of these ideas when I get home from work tonight.

:wink: