php errors.

[jacob1986]

I have typed some code (from a book) but I keep getting the errors - 'Notice: Undefined index: id in C:\xampp\htdocs\article_detail.php on line 2' and 'Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\article_detail.php on line 14'.

 

I have highlighted (in bold) both the second and fourteenth line (errors from above) in the code. What I should see is a page like the one described below.

 

******************************************

My article title goes here

published At: 2014-02-11

this is article content

**************************************************************

 

The code is as followed:

<?php
$id= $_GET["id"];

$server="localhost";
$dbuser="root";
$password="";

$link=mysqli_connect($server,$dbuser,$password);
mysqli_select_db($link,"blog");

$sql="SELECT * FORM article WHERE id=$id";
$result=mysqli_query($link,$sql);

$row=mysqli_fetch_array($result);

$title=$row["title"];
$content=$row["content"];
$publication_date=$row["publication_date"];

mysqli_close($link);
?>

<h3><?php echo $title;?></h3>

Published At:<?php echo $publication_date; ?>

<p><?php echo $content; ?></p>
 

 

[mac_gyver]

the first error is because there is no ?id=value present on the end of the url when you requested the page and $_GET['id'] doesn't exist.

 

for variables that may not exist, you need to test if they do exist before referencing them. php has a function, isset() that can be used for this.

 

the second error is actually related to the first one. without any id value, the sql query statement becomes "SELECT * FORM article WHERE id=" which is syntactically incorrect and produces a query error. if you had error checking logic in your code (which you should always have) to test if the query ran without any errors, you would be getting a mysql error at that point in the sql statement. you also have a typo in the FORM keyword in the sql statement. it should be FROM

 

so, two recommendations -

 

1) for variables that may not exist, test if they are present before trying to use them, and if they don't exist, take an appropriate action, such as not running the code that's dependent on the variable existing.

 

2) always test for database query errors before trying to use the result from the query. and related to this, even if the query runs without any errors, it may not match any rows in the database table. you should also test if the query matched any rows before trying to fetch and use the data from the query.

 

edit: as an additional note: all external data cannot be trusted. you must validate not only that it exists, but that it contains an expected value or that you render any nefarious value in it, inert.

 

edit2: and you should also test if the database connection and select_db statements worked (you can select the database at the same time you make the connection.)

Edited June 15, 2015 by mac_gyver

[jacob1986]

I have managed to get the code to work (is my face red)... I had a typo (as you said regarding form and from), moreover; I changed the url to http://localhost/article_detail.php?id=4 and it worked.