How to solve undefined variable id?

Question

1.00/5 (1 vote)

See more:

From a user signup database I want to show some specific tables from database according to user. Like in your social media profile you have only your informration. But my code showing id(auto incremented) is undefined.

What I have tried:

PHP

$db = mysqli_connect('localhost', 'root', '', 'regi');
$sql = "SELECT * FROM user where id='$id'";
$records= mysqli_query($db, $sql);
while($row=mysqli_fetch_assoc($records)){
	 $_SESSION["username"][]= $row["username"];
}

Posted 19-Aug-19 0:16am

mehdiazizrafi

Updated 19-Aug-19 0:39am

Add a Solution

Comments

Richard MacCutchan 19-Aug-19 6:33am

Where is id defined, and where is $id defined?

mehdiazizrafi 19-Aug-19 10:05am

*id* is from table user of database *regi*. How can I define $id?

Richard MacCutchan 19-Aug-19 10:24am

But the error message says it is undefined, so something is not correct here.

mehdiazizrafi 19-Aug-19 11:22am

yes i know its undefined. I asked here just to find out how can I define it.

2 solutions

Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Patrice T · Answer 1 · 2019-08-19T00:39:00

Quote:
But my code showing id(auto incremented) is undefined.

We need to know the structure of database.
$id is a php variable injected in the sql query, but it is not defined in the code snipset.

PHP

$sql = "SELECT * FROM user where id='$id'";

Not necessary a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]

OriginalGriff · Answer 2 · 2019-08-19T00:39:00

Solution 2

You need to look at this in the context of the whole system: most likely you need to look at the definition of your user table in your DB and check if it includes a column called "id". If it doesn't, then you will get an SQL error when you try to select it.

Posted 19-Aug-19 0:39am

OriginalGriff

Comments

mehdiazizrafi 19-Aug-19 10:09am

yes. it has four column: id(ai), username, email, password

OriginalGriff 19-Aug-19 10:32am

Then use the debugger to find out exactly where the error message is, and check you are connected to the right DB.

mehdiazizrafi 19-Aug-19 11:23am

debugger!?

OriginalGriff 19-Aug-19 11:37am

How have you got to the point of writing code without knowing what a debugger is, and how to use it?

Off to Google with you! :laugh:

How to solve undefined variable id?

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0

How to solve undefined variable id?

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0

Existing Members

...or Join us