Question
i have an question about a command that won't give
Notice: Undefined index: q in C:\xampp\htdocs\Capstone - Copy\index.php on line 118
even if the field is empty i have this code for the site that's the only problem where if i don't put a value in my search it will give that error and can i erase the value of get when i reload the site so it will only give the default output that is the whole rows and pictures i'll put a print screen of the site the screen shot is the default view of the site.
https://stackoverflow.com/questions/17956032
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian> <?php
>
> $searchtext = $_GET['q'];
>
>
> $per_page =5;
> $pages_query = mysql_query("SELECT COUNT('PersonID') FROM persons");
> $pages = ceil(mysql_result($pages_query,0) / $per_page);
>
> $page = (isset($_GET['page'])) ? (int)$_GET['page'] : 1;
> $start = ($page - 1) * $per_page;
>
>
> $query=mysql_query("select * from persons where firstname like
> '%$searchtext' or lastname like '%$searchtext' order by date desc
> LIMIT $start,$per_page "); while($test = mysql_fetch_array($query))
> {
> $id = $test['PersonID'];
>
>
>
> echo"<div class = content />";
> echo"<img height=200 width=200 src='upload/". $test['Image'] ."'/>";
> echo"" .$test['LastName']." ";
> echo"". $test['MiddleName']. " ";
> echo"". $test['FirstName']. "";
> echo"<right> <a href ='view.php?PersonID=$id'>Edit</a></right>";
> echo"<right> <a href ='del.php?PersonID=$id'>Delete</a></right>";
> echo"</div>";
>
>
>
> }
> if ($pages >=1 && $page <= $pages) {
> for ($x=1; $x<=$pages; $x++) {
> echo ($x == $page) ? '<strong><a href="?page='.$x.'">'.$x.' </a></strong> ' : '<a
> href="?page='.$x.'">'.$x.' </a>';
> }
> } ?>
>
>
and here's the sample result that won't give an error because there's a default value
Solution
You want to only run the query if $searchtext is not null.
$searchtext = '';
if(isset($_GET['q'])) $searchtext = $_GET['q'];
if($searchtext) {
//run query
//display results
} else {
//display normal page
}
Keep in mind that as you have this now, your begging for an SQL Injection attack. Please use PDO and bind the values.
OTHER TIPS
Well if i understood you correctly this should help:
Change this: $searchtext = $_GET['q'];
to this: $searchText = isset($_GET['q']) ? mysql_real_escape_string($_GET['q']) : "";
WATCH OUT
Please do not use the mysql_* functions anymore and switch instead to the mysqli_ functions or PDO. mysql_ is with php 5.5 deprecated and won't be supported by php >= 5.5. In addition to this i should mention, that your script is vulnerable for mysql injections. Always escape your values before inserting them into a database query!
My code example contains the function mysql_real_escape_string which is like i told you deprecated. If you stick to mysql_* this is the least you can do to secure your application.
