0

I have unidentified index errors, and sometimes I need it to really be blank.

For example, this one. I need this one to be blank because there is already an else statement.

The $_GET is only when the user inputs a date.

$datefrom   = $_GET['datefrom'];
$dateto     = $_GET['dateto'];
if(isset($_GET['datefrom']) && ($_GET['dateto'])){
    $qry = "SELECT sum(order_detail.quantity*order_detail.price) as chenes, orders.date 
        FROM order_detail 
        LEFT JOIN orders 
        ON order_detail.orderid=orders.serial
        WHERE date(orders.date) BETWEEN '$datefrom' AND '$dateto'";
}
else {
    $qry = "SELECT sum(order_detail.quantity*order_detail.price) as chenes, orders.date 
        FROM order_detail 
        LEFT JOIN orders 
        ON order_detail.orderid=orders.serial";
}

How do I ignore the unidentified index error or remove it even if there is a blank? Thank you.

5
  • 2
    Have you heard of a thing called “SQL injection”? Commented Sep 21, 2014 at 14:24
  • 2
    Don't ignore it. Fix it. Commented Sep 21, 2014 at 14:25
  • @sevenseacat I know why it is displaying the error, the $datefrom and $dateto is blank, how do I catch that error? If it's blank it won't display the error. Commented Sep 21, 2014 at 14:26
  • Have you looked at the PHP manual? Commented Sep 21, 2014 at 14:27
  • The error message contains a line number. Locate that line and fix. Yes, isset is the right way (one of them actually) but you need to use it at the right place. Commented Sep 21, 2014 at 14:46

2 Answers 2

0

The error occurs because you try to access the two indexes 'datefrom' and 'dateto' before actually checking whether they exist using isset(). Put the first two assignments after your if-statement like this:

if(isset($_GET['datefrom']) && isset($_GET['dateto'])){
    $datefrom   = $_GET['datefrom'];
    $dateto     = $_GET['dateto'];
    // ...
}

Also note that you are vulnerable to SQL-Injections!


2 Comments

It is better to use empty() than isset(). empty() does the same as isset() but also checks if it is empty or not.
$_GET['datefrom'] might also contain an empty string. Think of an input field where the user manually has to specify the date in YYYY-MM-DD, for example. In that case, empty() would also return true.
0

Although andy's answer will fix your immediate problem, you have a lot of work to do to make this even somewhat bullet resistant.

You must check that, if one date is supplied, so is the other one. You must check that they're valid dates in a valid format: php date validation

Finally, to further guard against SQL injection attacks, you need to use "bind parameters," which make the DBMS use those parameters as data, no matter if they look like SQL: How to bind SQL variables in Php?

Checking that the dates are valid is not a sufficient guard against SQL injection because you are betting there's not some other error somewhere.
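
The three checks listed in this answer (both dates supplied, strict date format, bound parameters) put together, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database and constructed rows, and parseDate() and salesTotal() are hypothetical helper names.

```php
<?php
// Added example: parseDate()/salesTotal() are hypothetical; tables and rows are constructed.
/** Return $s if it is a real calendar date in strict YYYY-MM-DD form, else null. */
function parseDate($s): ?string
{
    if (!is_string($s)) { return null; }   // absent, or an array such as ?datefrom[]=x
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $s);
    // The round trip rejects overflow dates (2014-02-31) and unpadded ones (2014-9-1).
    return ($d !== false && $d->format('Y-m-d') === $s) ? $s : null;
}

/** Total for the optional date range; throws unless both dates are given and valid. */
function salesTotal(PDO $pdo, array $get)
{
    $sql = 'SELECT SUM(order_detail.quantity * order_detail.price) AS chenes
            FROM order_detail
            LEFT JOIN orders ON order_detail.orderid = orders.serial';
    $params = [];
    $rawFrom = $get['datefrom'] ?? '';     // ?? reads a missing key without a notice
    $rawTo   = $get['dateto'] ?? '';
    if ($rawFrom !== '' || $rawTo !== '') {
        $from = parseDate($rawFrom);
        $to   = parseDate($rawTo);
        if ($from === null || $to === null) {
            throw new InvalidArgumentException('datefrom and dateto must both be YYYY-MM-DD');
        }
        // Placeholders only: the values are sent as data, never spliced into the SQL text.
        $sql .= ' WHERE date(orders.date) BETWEEN :from AND :to';
        $params = [':from' => $from, ':to' => $to];
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE orders (serial INTEGER, date TEXT);
            CREATE TABLE order_detail (orderid INTEGER, quantity INTEGER, price REAL);
            INSERT INTO orders VALUES (1, '2014-09-01 10:00:00'), (2, '2014-09-20 12:00:00');
            INSERT INTO order_detail VALUES (1, 2, 5.0), (2, 1, 7.5);");
var_dump(salesTotal($pdo, []));                                                     // no filter
var_dump(salesTotal($pdo, ['datefrom' => '2014-09-01', 'dateto' => '2014-09-10'])); // filtered
try {
    salesTotal($pdo, ['datefrom' => "2014-09-01' OR '1'='1", 'dateto' => '2014-09-10']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```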
