Beginner help


BobSmith40

Hello, I am looking for some beginner help. I am making a basic e-commerce site and have been getting Undefined variable errors for my product page. I have declared them in the top php block and called them in the form. I have been trying to fix these errors but can't see anything wrong with the code. I know it's not a connecting to MySQL problem as other pages have worked. If anyone can help I would be very grateful.

_________________________________________________________________________________________________________________________________________________

Code Listing:
 
<?php 
//Error reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>
 
<?php
//check to see if the variable exists in the database
if(isset($_GET['id'])){
include "storescripts/connect_mysql.php";
 
$sql = mysql_query("SELECT * FROM products WHERE id='$id' LIMIT 1");
$productCount = mysql_num_rows($sql); // count the output amount
if ($productCount > 0) {
//get product details
while($row = mysql_fetch_array($sql)){ 
             
$product_name = $row["product_name"];
$price = $row["price"];
$description = $row["description"];
$category = $row["category"];
$subcategory = $row["subcategory"];
 
    }
} else {
echo "That item does not exist.";
   exit();
}
}
mysql_close();
?>
 
<!doctype html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $product_name; ?></title>
<link rel="stylesheet" href="style/standard_style.css" type="text/css" media="screen" />
 
</head>
 
<body>
 
<div align="center" id="mainWrapper">
<?php include_once("template_header.php");?>
 
<div id="PageContent">
 <table width="100%" border="0" cellspacing="0" cellpadding="15">
  <tr>
    <td width="22%" valign="top"><img src="inventory_images/<?php echo $id; ?>.jpg" width="181" height="188" alt="<?php echo $product_name; ?>" /></td>
    <td width="78%" valign="top"><h3><?php echo $product_name; ?></h3>
      <p>
 <?php echo $price; ?><br />
        <br />
        <?php echo $category; ?>
        <?php echo $subcategory; ?> <br />
        
<br />
        <?php echo $description; ?>
<br />
        </p>
      <form id="form1" name="form1" method="post" action="cart.php">
        <input type="hidden" name="pid" id="pid" value="<?php echo $id; ?>" />
        <input type="submit" name="button" id="button" value="Add to Shopping Cart" />
      </form>
      </td>
    </tr>
</table>
</div>
<?php include_once("template_footer.php"); ?>
</div>
</body>
</html>

start with the first error message. i'm betting it concerns an undefined variable $id on about line 12 in your code.

 

this is the line of code - $sql = mysql_query("SELECT * FROM products WHERE id='$id' LIMIT 1");

 

where in your code, prior to that line, have you defined a variable named $id and assigned it a value? the answer is you haven't.

 

unfortunately, php at one time (14 years ago) would have defined the $id variable, based on the existence of the $_GET['id'] variable. this however resulted in a huge security hole and was turned off by default 14 years ago and was finally removed from php a few years ago.

 

for there to be a variable named $id, you must create it and assign a value to it from the $_GET['id'] variable or you must use the $_GET['id'] variable in your code.

 

however, putting external data directly into an sql query statement allows sql injection and anyone can run any sql they want on your server.

 

the best way of preventing sql injection is to use prepared queries, with place-holders in the sql statement where data goes, then bind the actual data or variable holding the data with the place-holder.

 

also, the mysql_ functions are obsolete and have been removed in the latest version of php. you should be learning to use either the PDO (the best choice, especially if using prepared queries) or mysqli_ functions.

 

lastly, for the rest of the undefined variable errors. your page is dependent on there being an id value to put into the sql query statement, the sql query running without any errors, and upon the sql query finding a matching row in the database table. if all three of these conditions are not met, there will be no data to display. in this case, you should output an appropriate message on the page to let the user know what's wrong and not try to reference non-existent data.
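
The approach described in the reply above, as an added example that is not part of the original posts: the id is taken from the request value, passed to a PDO prepared query through a place-holder, and the three conditions (id supplied, query runs, row found) are checked before anything is echoed. The helper names `find_product` and `e`, the in-memory SQLite database and its sample row are assumptions made so the script runs offline; the output escaping goes one step beyond what the reply covers.

```php
<?php
// Added example, not the poster's code. Table and column names follow the
// thread; the in-memory SQLite database and its row are constructed so the
// script runs offline. With MySQL, only the DSN given to new PDO() changes.

/** Returns the product row, or null when the id is missing, malformed or unknown. */
function find_product(PDO $pdo, $rawId): ?array
{
    // Condition 1: an id was supplied and is a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Condition 2: the query runs (failures throw PDOException, see ERRMODE below).
    // The ? place-holder keeps the value out of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT product_name, price, description, category, subcategory
         FROM products WHERE id = ? LIMIT 1'
    );
    $stmt->execute([$id]);
    // Condition 3: a matching row was found.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Escapes a database value before it is echoed into the HTML page. */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, product_name TEXT,
            price TEXT, description TEXT, category TEXT, subcategory TEXT)');
$pdo->exec("INSERT INTO products VALUES
            (1, 'Mug <large>', '4.50', 'Ceramic mug', 'Kitchen', 'Cups')");

// Constructed stand-ins for $_GET['id']: valid, malformed, unknown, absent.
foreach (['1', "1' OR '1'='1", '99', null] as $rawId) {
    $product = find_product($pdo, $rawId);
    if ($product === null) {
        echo "That item does not exist.\n";
        continue;
    }
    echo '<h3>' . e($product['product_name']) . '</h3> ' . e($product['price']) . "\n";
}
```

Only the first value prints a product line; the malformed, unknown and absent ids all reach the "That item does not exist." branch without the page touching an undefined variable.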
