
Hello there everyone!!

I have created a successful page that will update the profile of the students. It has the ability to edit the student's profile and academic records. I have found out that the page is loaded, so I decided to separate the two (student's profile and academic record). As easy as it gets, I just copy-pasted it to a new file (a page for the academic record only) and omitted the HTML and handlers for the student's profile code. Unluckily, I have encountered this error.

Notice: Undefined index: id in C:\xamppp\htdocs\a\Admin_Edit_Student_Acadrecord.php on line 13

Notice: Undefined index: id in C:\xamppp\htdocs\a\Admin_Edit_Student_Acadrecord.php on line 14

Here is the code for lines 13 and 14:

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
    session_start();
    $session_id = $_SESSION['admin_id'];
    if($session_id == null){
       header("location:Admin_Home.php");
       die();
    }

    include 'Connect.php';
    $flag = "";
    $student_id = htmlentities($_GET['id'], ENT_QUOTES);
    $query = "SELECT * FROM student_information where student_id='$_GET[id]'";
    $result = mysqli_query($link_id, $query);
    $data    = mysqli_fetch_array($result);    
?>

I hope someone could help me figure this out. Thank you and more power, Daniweb.

Last Post by cereal

It happens because the URL opening the page does not set the id parameter:

yourpage.php?id=123

To prevent this error you can add a check. array_key_exists will not consider whether id is empty or not (?id= vs ?id=21), but only whether the key exists:

if( ! array_key_exists('id', $_GET))
{
    die('Error: missing id');
}

Then you have to cast the value: if you're using integers for the student_id then do not allow other characters, for example:

$_GET['id'] = is_numeric($_GET['id']) ? intval($_GET['id']) : 0;

The above is used to prevent returning 1 when submitting empty arrays to intval, for example ?id=[].

You should definitely use prepared statements to prevent SQL injections: use the mysqli bind method to cast the values, but if you use $_GET['id'] somewhere else, for example for the redirect, then you always need to verify that the value is legit.

For more information about the validation process read this:

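An added example, not part of cereal's reply or the asker's code: the key check, integer validation and prepared statement recommended in the reply, combined in one place. It assumes student_id is a positive integer and that Connect.php provides $link_id as a mysqli connection, as in the question; parse_student_id and fetch_student are hypothetical helper names, and filter_var with FILTER_VALIDATE_INT is used here in place of the is_numeric/intval cast.

```php
<?php
// Added example. Assumes student_id is a positive integer column and that
// Connect.php defines $link_id as a mysqli connection, as in the question.

/** Return the id from a query-string array, or null if missing or not a positive integer. */
function parse_student_id(array $get): ?int
{
    if (!array_key_exists('id', $get)) {
        return null;                       // ?id was not sent at all
    }
    // filter_var() returns false for arrays (?id[]=1), empty strings and
    // anything that is not a plain integer, such as "12abc" or "1 OR 1=1".
    $id = filter_var($get['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Fetch one student row with a prepared statement; the id is bound, never interpolated. */
function fetch_student(mysqli $link, int $id): ?array
{
    $stmt = mysqli_prepare($link, 'SELECT * FROM student_information WHERE student_id = ?');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);   // requires the mysqlnd driver
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// Constructed query-string arrays showing which requests pass validation.
$samples = [[], ['id' => ''], ['id' => ['1']], ['id' => '12abc'], ['id' => '1 OR 1=1'], ['id' => '123']];
foreach ($samples as $get) {
    $id = parse_student_id($get);
    echo json_encode($get), ' => ', $id === null ? 'rejected' : "accepted ($id)", PHP_EOL;
}

// In the page itself (needs the database, so left commented out here):
// $student_id = parse_student_id($_GET);
// if ($student_id === null) { http_response_code(400); die('Error: missing or invalid id'); }
// $data = fetch_student($link_id, $student_id);
```

When the validated id is echoed back into HTML or used in a redirect, use the integer returned by parse_student_id rather than the raw $_GET['id'].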