I am trying to pass a PHP GET value from page1.php to ra.php. The user clicks on something in page1.php and a unique id is passed to ra.php via the URL, which I extract using `$_GET`, but when I click on the submit button in ra.php it says:

`PHP Notice: Undefined variable: c_id in "filepath" on line 22` (the variable used in the input field for value)

The code of ra.php is as follows:

```php
<?php
require 'config.php';
$c_id = '';
$cmt_id;
if(isset($_GET['cid']))
{
    $c_id= $_GET['cid'];

    if(isset($_POST['submit']))
    {
        $cmt_id = ($_POST['com_id']);
        $sql = "INSERT INTO ra(comment_id) 
                VALUES('$cmt_id')";

        $success = $conn->exec($sql);
    }
}
$conn = null;
?>
<!DOCTYPE html>
<html lang="en">
    <body>
        <form action="ra.php" method="post">
            <input type="text" name="com_id" value="<?php echo $c_id;?>">
            <button type="submit" name="submit">Submit</button>
        </form>
    </body>
</html>
```

It shows the value passed by page1.php via the URL in the input field. But when I click on submit, instead of inserting the data into the database it displays the error notice for c_id on the input field line.

I have tested the `if(isset($_GET['cid']))` and it's true; it gets the value from page1.php. But somehow it does not pass the value to the database.

pgill
  • Have a definition of `$c_id` before `isset($_GET['cid'])`. – Joseph D. May 25 '17 at 17:50
  • Maybe you should show us the `page1.php` code then – RiggsFolly May 25 '17 at 17:50
  • `$c_id` is defined only **if** `$_GET['cid']` was set – peterchaula May 25 '17 at 17:51
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 25 '17 at 17:51
  • Change to this `value="<?= isset($c_id) ? $c_id : '' ?>">` – peterchaula May 25 '17 at 17:53
  • To elaborate on what the issue is, you initially check if `isset($_GET['cid'])` and then set `$cid` to that get var. However, you never set `$cid` anywhere outside of that `if` statement. So if `$_GET['cid']` is not set, `$cid` is not set either (since it is only set if `isset($_GET['cid'])`). Then later down in your form you use the variable `$cid` which once again is not set if the get variable isn't set. So the easy fix is to just put something like `$cid = '';` before your if statement. This will give `$cid` an initial value that will be overwritten if the get var exists. – Jonathan Kuhn May 25 '17 at 17:59
  • @JonathanKuhn After adding `$cid = '';` before the if statement it stopped showing the error, but it is still not inserting the data into the database. – pgill May 25 '17 at 18:02
  • @JonathanKuhn But this statement gets the value from the input field before insertion: `$cmt_id = ($_POST['com_id']);`. I also tried declaring `$cmt_id` before using it, but still the same: no value in the database. I also tried `$sql = "INSERT INTO ra(comment_id) VALUES('$c_id')";` – pgill May 25 '17 at 18:08
  • @AlexHowansky I am using PHP PDO; this is just the shortest version of the whole page. Everything else is going into the database correctly; only this cid that I get from the last page is not being inserted. It displays in the input field or in a simple echo statement, but the insertion is not happening. – pgill May 25 '17 at 18:27
  • Yea, I saw that afterwards. Try building the query in a variable as a string and echo'ing it out to make sure it looks right. – Jonathan Kuhn May 25 '17 at 18:55
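
An added example (not part of the original post or its comments) of an ra.php handler: the form posts to `ra.php` without `?cid=...`, so the insert is checked independently of `$_GET['cid']`, the value is bound through a PDO prepared statement as the SQL injection comment recommends, and the field value is HTML-escaped on output. The function name `handle_ra` and the in-memory SQLite database are assumptions for the demo; the real `$conn` comes from the page's `config.php`, which is not shown.

```php
<?php
// Added example, not the asker's code. Assumes $conn is a PDO handle and
// that the table is ra(comment_id); handle_ra() is a hypothetical name.
function handle_ra(PDO $conn, array $get, array $post): array
{
    // Prefill from the URL on first load, else from the posted field.
    $cid_in = $get['cid'] ?? $post['com_id'] ?? '';
    $c_id = is_string($cid_in) ? $cid_in : '';
    $inserted = false;

    // Not nested under the GET check: the form posts to "ra.php" with no
    // ?cid=..., so $_GET['cid'] is absent on the submit request.
    if (isset($post['submit']) && is_string($post['com_id'] ?? null)) {
        // Bound parameter: the value is sent as data, never as SQL text.
        $stmt = $conn->prepare('INSERT INTO ra (comment_id) VALUES (:cid)');
        $inserted = $stmt->execute([':cid' => $post['com_id']]);
    }

    // Escape for the attribute context before echoing into value="...".
    return [
        'inserted' => $inserted,
        'field'    => htmlspecialchars($c_id, ENT_QUOTES, 'UTF-8'),
    ];
}

// Demo on an in-memory SQLite database (constructed; needs pdo_sqlite).
$conn = new PDO('sqlite::memory:');
// Make SQL errors throw so a failed insert cannot pass unnoticed.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE ra (comment_id TEXT)');

// Request 1: page1.php links to ra.php?cid=17, nothing is posted yet.
$first = handle_ra($conn, ['cid' => '17'], []);

// Request 2: the submit carries only POST data. Constructed input that
// would change the statement if it were concatenated into the SQL string.
$input  = "17'), ('injected";
$second = handle_ra($conn, [], ['submit' => '', 'com_id' => $input]);

$rows = $conn->query('SELECT comment_id FROM ra')->fetchAll(PDO::FETCH_COLUMN);
printf("first load inserted:  %s\n", var_export($first['inserted'], true));
printf("submit inserted:      %s\n", var_export($second['inserted'], true));
printf("stored as one value:  %s\n", var_export($rows === [$input], true));
printf("escaped field value:  %s\n", $second['field']);
```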

0 Answers