Click here to Skip to main content
15,867,870 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
My code contains files:

first_file.php
Var add_to_request will always contains one argument.
I would like to transfer variable add_to_request to session new_argument...


PHP
function properties(){
    switch (current_propertie){   
         case "red":
            var add_to_request="color = red";
            document.getElementById("demo").innerHTML = add_to_request;
            break;
        
         case "small":
             var add_to_request "size= small";
             document.getElementById("demo").innerHTML = add_to_request;
             break;
        
         case "triangle":
             var add_to_request="shape = triangle";
             document.getElementById("demo").innerHTML = add_to_request;
             break;
    }    
}


Another php file second_file.php contains
And I would like to write to the second file as new sql argument


PHP
connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

include 'first_file.php';  
$sql = "SELECT thing FROM thing_table WHERE " .$_POST['new_argument']; 
echo $sql;


What I have tried:

But when I run it. I see:

Notice: Undefined index: update_dotaz in C:\xampp\htdocs\things\second_file.php on line 9
SELECT thing FROM thing_table WHERE

Could you help me, how to write content of add_to_request to request in another file?
Thank you very much.
Posted
Updated 4-Jan-21 19:29pm
Comments
Richard Deeming 6-Jan-21 9:58am    
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]

1 solution

Make sure that particular variable/object/element exists before using it. Debug your code to ensure.
In your code, $_POST['new_argument'] is the issue. Use if condition before accessing the value. Sample code is below.
if(!empty($_POST['new_argument']))
{
	$vnew_argument = $_POST['new_argument'];

	echo $vnew_argument;
}

If value of that new_argument is blank/null, your SQL query is doomed without WHERE clause so debug & update your code.
Check these threads for more details.

arrays - "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP - Stack Overflow[^]
How to fix 'Notice: Undefined index:' in PHP form action - Stack Overflow[^]
php $_GET and undefined index - Stack Overflow[^]
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900