Error: Undefined index

-3

I have this code and it gives me the following error:

  

Notice: Undefined index: ID in

<?
require('../members/inc/config.php');
require('../lib/framework.php');

// load the configuration file.
$newsid = $_GET['ID'];

$stmt = $db->query("SELECT * FROM news ORDER BY id = '$newsid' ");
while($myrow = $stmt->fetch(PDO::FETCH_ASSOC)) {

               //now print the results:
               echo "<b>Title: ";
               echo $myrow['Title'];
               echo "</b><br>On: <i>";
               echo $myrow['Date'];
               echo $myrow['Embed'];
               echo "</i><hr align=left width=160>";
               echo $myrow['Hour'];

               // Now print the options to (Read,Edit & Delete the news)
               echo "<br><a href=\"testonho.php?newsid=$myrow[ID]\">Read More...</a>
                || <a href=\"edit_news.php?newsid=$myrow[ID]\">Edit</a>
                 || <a href=\"delete_news.php?newsid=$myrow[ID]\">Delete</a><br><hr>";

             }//end of loop

?> 

I've had other issues related to this error here in StackOverflow and I did not really find what I wanted. I would like a resolution help for this problem: s

    
asked by anonymous 27.01.2015 / 23:26

2 answers

0

It seems that your code is not expressing your idea is to display only one record, use WHERE clause in select.

$stmt = $db->query("SELECT * FROM news WHERE id = '$newsid' ORDER BY id");

To avoid sql injection use prepared statements, the code does not change much, a step is added to the process:

$sql = 'SELECT * FROM news '; 

 if(!empty($newsid){// caso tenha um id exibe somente ele
    $sql .= ' WHERE id = ? ORDER BY id';
 }    

$stmt = $db->prepare($sql);
$stmt->execute(array($newsid)); // aqui faz o bind da interrogação com $newsid
$itens = $stmt->fetchAll(PDO::FETCH_ASSOC); //retorna todas as linhas de uma vez.

foreach($itens as $myrow){
   echo ....
}

To receive parameters through the url, you need to use the same name defined in the link, eg: yoursite.com?newsid=ID_DA_NOTICIA, you should call this

 $newsid = $_GET['newsid'];

and not $_GET['ID'] Because the string ID has not been defined in the link.

    
27.01.2015 / 23:58
2

You have an error in $myrow[ID] in the three links lines that make up the HTML. The correct one must be $myrow['ID'] . And it needs to encapsulate between braces because it's a complex expression. So:

echo "<br><a href=\"testonho.php?newsid={$myrow['ID']}\">Read More...</a>
            || <a href=\"edit_news.php?newsid={$myrow['ID']}\">Edit</a>
             || <a href=\"delete_news.php?newsid={$myrow['ID']}\">Delete</a><br><hr>";

With the new information passed in commentary on how the first call is being made it becomes clear that it needs another change. Line 6 needs to be changed to:

$newsid = $_GET['newsid'];

In addition, it has a nice vulnerability that could allow SQL Injection but not related to the reported problem.

    
27.01.2015 / 23:29