[HELP]Undefined index Error

[KazeFlame]

Error:

Code:

Notice: Undefined index: gameid in C:\Xampp\htdocs\index.php on line 5

Code:

PHP Code:

<?php

include 'connect.php';

$id = $_POST['gameid'];
$step1 = "select * from flashgames where gameid = '$id'";
$step2 = mysql_query($step1) or die ("Could not select game");
$flashgame = mysql_fetch_array($step2);

echo "<center>";
echo "<h1>" . $flashgame['name'] . "</h1>";
echo "<embed src='" . $flashgame['url'] . "' width='750' height='480'></embed>";
echo "<p>Game played " . $flashgame['playedtimes'] . " times.</p>";
echo "<b>Game Desciption:</b><br/>" . $flashgame['description'];
echo "<br/><b>Genre:</b> " . $flashgame['genre'];
echo "<br/><b>Controls:</b><br/>" . $flashgame['controls'];
echo "<br/><br/>Did you like the game? <!-- Node.js goes here soon --><form action='rate.php?gameid=1' method='get'><input type='button' name='rate' value='YES'/><input type='button' name='rate' value='NO'/></form>";
echo "YES: " . $flashgame['rate-yes'] . "%<br/>NO: " . $flashgame['rate-no'] . "%";
echo "</center>";

?>

For those who will help.

[davidjones1990]

It basically means that gameid isn't in the $_POST array.

Try check of its set before trying to use it.

[idalatob]

Couple of small tips:

PHP Code:

//use 'isset' to determine if a variable exists
if (!isset($_POST['gameid'])) {
    die("No game defined");
}

//escape any content you may be getting from the user
//otherwise, you are putting your website in danger (google -> mysql injection)

$id = mysql_real_escape_string($_POST['gameid']); 


There is a really nice sticky on this forum somewhere (i'll go look for the link), that details good practice when writing PHP code.

Edit: Found the link, here it is: http://www.codingforums.com/showthread.php?t=220807

[KazeFlame]

XD
Problem solve. I wrote POST instead of GET.

[Fou-Lu]

Quote:

Originally Posted by KazeFlame

XD
Problem solve. I wrote POST instead of GET.

This still won't actually solve the problem. The issue is you are accessing array offsets which may or may not exist. PHP triggers a notice when it does not, but you code will happily continue without a set variable. If you access the page directly, than it will not work properly.
As pointed out, you need to check that its set before doing any processing.

PHP Code:

if (isset($_GET['gameid']))
{
    // all your code in here
}
else
{
    print 'No data to show.';
} 


The code you have doesn't verify that there isn't a problem otherwise. If the value isn't set, then you still end up with the results, but will trigger many errors since $flashgame will be null. The die on the query won't do anything unless its syntactically a failure; querying an invalid where isn't considered a failure, it will simply return a resultset with no results in it.

Quote:

Originally Posted by idalatob

Couple of small tips:

PHP Code:

//use 'isset' to determine if a variable exists
if (!isset($_POST['gameid'])) {
    die("No game defined");
}

//escape any content you may be getting from the user
//otherwise, you are putting your website in danger (google -> mysql injection)

$id = mysql_real_escape_string($_POST['gameid']); 


There is a really nice sticky on this forum somewhere (i'll go look for the link), that details good practice when writing PHP code.

Edit: Found the link, here it is: http://www.codingforums.com/showthread.php?t=220807

Its a little out of date, but many of the same concepts still applies. I'd recommend moving to PDO or MySQLi even just for the prepared statements. Statements do not need to be escaped since the sql structure is compiled separately from the data provided. So all you need to do in advance is make sure that magic_quotes_gpc isn't running (gone as of 5.4 btw), and if it is to issue a stripslashes first.