Undefined index error

[menre]

Hi All,
I am having an undefined index error when I preview my code and have had a look at the code over and over again, but still cannot identify my error. Could someone look at it for me please?

This is the code for my page.

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Online storefront: Just for baseball lovers.</title>
</head>
<body>

<?php 
//database connection
$mysqli = mysqli_connect('localhost','root','', 'eshop');

   $display_block = "<h1>Online store for baseball enthusiasts</h1>";

 	//validate item
	$get_item_sql = "SELECT c.id as cat_id, c.cat_title, si.item_title, si.item_price, si.item_desc, si.item_image FROM store_items AS si LEFT JOIN store_categories AS c on c.id = si.cat_id WHERE si.id = '".$_GET["item_id"]."'"; 
	
	//here we display the result
	$get_item_res = mysqli_query($mysqli, $get_item_sql) or die(mysqli_error($mysqli));
	
	if (mysqli_num_rows($get_item_res) < 1) {
		//invalid item
		$display_block .= "<p><em>Invalid item selction.</em></p>";
	}
	else {
		//valid item, get info
		while ($item_info = mysqli_fetch_array($get_item_res)) {
			$cat_id = $item_info['cat_id'];
			$cat_title = strtoupper(stripslashes($item_info['cat_title']));
			$item_title = stripslashes($item_info['item_title']);
			$item_price = $item_info['item_price'];
			$item_desc =  stripslashes($item_info['item_desc']);
			$item_image = $item_info['item_image'];
		}
	
	 //here make breadcrumb trail
	 $display_block  .= "<p><strong><em>You are viewing:</em><br/>
	 <a href=\"seestore.php?cat_id=".$cat_id."\">".$cat_title."</a>&gt; ".$item_title."</strong></p>
	 <table cellpadding=\"3\" cellspacing=\"3\">
	 <tr>
	 <td valign=\"middle\" align=\"center\">
	 <img src=\"".$item_image."\"/></td>
	 <td valign=\"middle\"><p><strong>Description:</strong><br/>".
	 $item_desc."</p>
	 <p><strong>Price:</strong> \$".$item_price."</p>";
	 
	 //free result
	 mysqli_free_result($get_item_res);
	 
	 //get colors
	 $get_colors_sql = "SELECT item_color FROM store_item_color WHERE item_id = '".$_GET["item_id"]."' ORDER BY item_color";
	 //now show the results for get color
	 $get_color_res = mysqli_query($mysqli, $get_colors_sql)
	    or die(mysqli_error($mysqli));
		
		if (mysqli_num_rows($get_colors_res) > 0) {
			$display_block .= "<p><strong>Available Colors:</strong><br/>";
			while ($colors = mysqli_fetch_array($get_colors_res)) {
				$item_color = $colors['item_color'];
				$display_block .= $item_color."<br/>";
			}
		}
		
		//free result
		mysqli_free_result($get_color);
		
		//get sizes
		$get_sizes_sql = "SELECT item_size FROM store_item_size WHERE item_id = ".$_GET["item_id"]." ORDER BY item_size";
		//we show the rsult get sizes below
		$get_sizes_res = mysqli_query($mysqli,$get_sizes_sql) or die(mysqli_error($mysqli));
		
		if (mysqli_num_rows($get_sizes_res) > 0) {
			$display_block .= "<p><strong>Available Sizes:</strong><br/>";
			while ($sizes = mysqli_fetch_array($get_sizes_res)) {
				$item_size = $sizes['item_size'];
				
				$display_block .= $item_size."<br/>";
			}
		}
		//free result
		mysqli_free_result($get_sizes_res);
		
		$display_block .= "
		</td>
		</tr>
		</table>";
	}
?>

<?php echo $display_block;?>

</body>
</html>

This is the error that I am getting.

Code:

Notice: Undefined index: item_id in C:\xampp\htdocs\store\showitem.php on line 16

Online store for baseball enthusiasts
Invalid item selction.

I will appreciate some help please.
Thanks,
Menre

[SambaNeko]

"Undefined index" means that you're trying to access an element in an array that does not exist. So, what's on line 16?

PHP Code:

$get_item_sql = "SELECT c.id as cat_id, c.cat_title, si.item_title, si.item_price, si.item_desc, si.item_image FROM store_items AS si LEFT JOIN store_categories AS c on c.id = si.cat_id WHERE si.id = '".$_GET["item_id"]."'"; 


So "item_id" is not a defined index in the $_GET array. You can of course populate it by adding to the URL's query string ("?item_id=x"), but you should also check for its being empty:

PHP Code:

if(!isset($_GET["item_id"])){
  //populate with a default value,
  //or do something else
} 


And you should absolutely never put a variable from $_GET into an unprepared SQL statement without sanitization.

[menre]

Hello,

Thanks for your response to my message. I do not normally like to be spoon-fed. When you say, "Undefined index" means that you're trying to access an element in an array that does not exist. I fully understand that. But anything else I do not understand its implementation. "You can of course populate it by adding to the URL's query string ("?item_id=x"), but you should also check for its being empty:"

It is like I am making a mess of it now with my attempt. Could you make this correction to my code that I posted earlier and see if it works, please?

I will really appreciate your help.

Menre

[SambaNeko]

Your code is failing because $_GET['item_id'] doesn't exist. In order for it to exist, you need to put a query string variable in the URL: http://www.yourdomain.com/pageName.php?item_id=3

Since you cannot ensure that your page will always be accessed with the proper query string, you should check for the presence of $_GET variables before attempting to use them in your code. You can do this with the isset() function, like so:

PHP Code:

//set a default value for our variable:
$item_id = 1;

if(isset($_GET['item_id'])){
  //$_GET['item_id] exists,
  //so overwrite the default value of the variable with the given value from $_GET:
  $item_id = $_GET['item_id'];
}

//rather than using the $_GET variable in our query, use the variable we set up:
$get_item_sql = "SELECT c.id as cat_id, c.cat_title, si.item_title, si.item_price, si.item_desc, si.item_image FROM store_items AS si LEFT JOIN store_categories AS c on c.id = si.cat_id WHERE si.id = '".$item_id."'"; 


[penagate]

I would put the query within the if (isset(...)) block as well since the whole procedure is dependent on that variable being present.

Also, please take note of Samba's advice here:

absolutely never put a variable from $_GET into an unprepared SQL statement without sanitization

Since you're using mysqli already, make use of its prepared statement support.
Look at the examples here:
http://php.net/manual/en/mysqli.prepare.php

Notice how they use the bind_param function. This separates the data from the SQL, so that the semantics of the query cannot be altered by the data.

[menre]

Hi Everyone,
Thanks for your advice and responses. They all really helped me out. it is working now. I did it the way you adised and everything is now fine. There were a few other errors and I was able to fix those ones. The full working code is placed below.

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Online storefront: Just for baseball lovers.</title>
</head>
<body>

<?php 
//connect to the database here. Note, if you have a database already and you know the name, you can add it after the password argument.
$mysqli = mysqli_connect('localhost','root','', 'eshop');
        //echo "I am well connected";
   $display_block = "<h1>Online store for baseball enthusiasts</h1>";
//we set a default value for our variable

$item_id = 1;

if (isset($_GET['item_id'])) {
	//we know that item_id exists
	//we now overide the default value of the variable with the given value from $_GET
	$item_id = $_GET['item_id'];
}

 	//validate item
	$get_item_sql = "SELECT c.id as cat_id, c.cat_title, si.item_title, si.item_price, si.item_desc, si.item_image FROM store_items AS si LEFT JOIN store_categories AS c on c.id = si.cat_id WHERE si.id = '".$item_id."'"; 
	
	//here we display the result
	$get_item_res = mysqli_query($mysqli, $get_item_sql) or die(mysqli_error($mysqli));
	
	if (mysqli_num_rows($get_item_res) < 1) {
		//invalid item
		$display_block .= "<p><em>Invalid item selction.</em></p>";
	}
	else {
		//valid item, get info
		while ($item_info = mysqli_fetch_array($get_item_res)) {
			$cat_id = $item_info['cat_id'];
			$cat_title = strtoupper(stripslashes($item_info['cat_title']));
			$item_title = stripslashes($item_info['item_title']);
			$item_price = $item_info['item_price'];
			$item_desc =  stripslashes($item_info['item_desc']);
			$item_image = $item_info['item_image'];
		}
	
	 //here make breadcrumb trail
	 $display_block  .= "<p><strong><em>You are viewing:</em><br/>
	 <a href=\"seestore.php?cat_id=".$cat_id."\">".$cat_title."</a>&gt; ".$item_title."</strong></p>
	 <table cellpadding=\"3\" cellspacing=\"3\">
	 <tr>
	 <td valign=\"middle\" align=\"center\">
	 <img src=\"".$item_image."\"/></td>
	 <td valign=\"middle\"><p><strong>Description:</strong><br/>".
	 $item_desc."</p>
	 <p><strong>Price:</strong> \$".$item_price."</p>";
	 
	 //free result
	 mysqli_free_result($get_item_res);
	 
	 //get colors
	 $get_colors_sql = "SELECT item_color FROM store_item_color WHERE item_id = '".$item_id."' ORDER BY item_color";
	 //now show the results for get color
	 $get_color_res = mysqli_query($mysqli, $get_colors_sql)
	    or die(mysqli_error($mysqli));
		
		if (mysqli_num_rows($get_color_res) > 0) {
			$display_block .= "<p><strong>Available Colors:</strong><br/>";
			while ($colors = mysqli_fetch_array($get_color_res)) {
				$item_color = $colors['item_color'];
				$display_block .= $item_color."<br/>";
			}
		}
		
		//free result
		mysqli_free_result($get_color_res);
		
		//get sizes
		$get_sizes_sql = "SELECT item_size FROM store_item_size WHERE item_id = '".$item_id."' ORDER BY item_size";
		//we show the rsult get sizes below
		$get_sizes_res = mysqli_query($mysqli,$get_sizes_sql) or die(mysqli_error($mysqli));
		
		if (mysqli_num_rows($get_sizes_res) > 0) {
			$display_block .= "<p><strong>Available Sizes:</strong><br/>";
			while ($sizes = mysqli_fetch_array($get_sizes_res)) {
				$item_size = $sizes['item_size'];
				
				$display_block .= $item_size."<br/>";
			}
		}
		//free result
		mysqli_free_result($get_sizes_res);
		
		$display_block .= "
		</td>
		</tr>
		</table>";
	}
?>

<?php echo $display_block;?>

</body>
</html>

It is always a pleasure learning from PROS like you. Once again, thanks.
Menre