0

Ok i have this code

<?php
include_once ('database_connection.php');

if(isset($_GET['keyword'])){
$keyword =  trim($_GET['keyword']) ;
$keyword = mysqli_real_escape_string($dbc, $keyword);

$query = "select name,title,description,link,type from items where name like '%$keyword%' or title like '%$keyword%' or description like '%$keyword%' or link like     '%$keyword%' or type like '%$keyword%'";

//echo $query;
$result = mysqli_query($dbc,$query);
if($result){
if(mysqli_affected_rows($dbc)!=0){
$ff = "";
      while($row = mysqli_fetch_array($result,MYSQLI_ASSOC)){
    $ff .= "<div id='itemdiv2' class='gradient'>";
    $ff .= "<div id='imgc'>".'<img src="Images/media/'.$row['name'].'" />'."<br/>";
$ff .= "<a href='#?w=700' id='".$row['id']."' rel='popup' class='poplight'>View full<a/></div>";
$ff .= "<div id='pdiva'>"."<p id='ittitle'>".$row['title']."</p>";
    $ff .= "<p id='itdes'>".$row['description']."</p>";
    $ff .= "<a href='".$row['link']."'>".$row['link']."</a>";
    $ff .= "</div>"."</div>";
    echo $ff;
}
}else {
    echo 'No Results for :"'.$_GET['keyword'].'"';
}

}
}else {
echo 'Parameter Missing';
}




?>

and i got this error "Notice: Undefined index: id in C:\xampp\htdocs\madeinusa\search.php on line 20" and this is the line 20: "$ff .= "View full";" and i dont know what seems the problem is. i think there is actually problem with the query or in displaying the records scheme. hope someone could help, im open on any suggestions and recommendations. thanks in advance.

Improve this question
4
  • incidentally you have a syntax error in your closing </a> tag was <a/> but i would guess that you ' and " are causing the problem, try echoing that out by itself. Commented Apr 13, 2012 at 12:07
  • I suggest you do some basic debugging yourself first. Most of all, var_export the contents of $row somewhere - a log file, or if all else fails, the browser. In this case, the associative array $row does not contain an element at key 'id', which is exactly what the error message is telling you. Commented Apr 13, 2012 at 12:07
  • Also note that your code has XSS vulnerabilities. All I have to do to exploit it is to add an image to the database that contains a script tag in its definition. Commented Apr 13, 2012 at 12:08
  • what is XSS vulnerabilities pls? Commented Apr 13, 2012 at 12:12

3 Answers 3

Reset to default
2

That is just a notice that you are missing the id value from $row array since you didn't include it in your select

try adding id in select query:

$query = "select id,name,title,description,link,type from items where name like '%$keyword%' or title like '%$keyword%' or description like '%$keyword%' or link like     '%$keyword%' or type like '%$keyword%'";

and it should work

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

yes, thank you. i miss something around my code and thats what exactly i forget
0

You should mention the id column in your select query

$query = "select id, name,title,description,link,type from items...
Improve this answer

1 Comment

yes, thank you. i miss something around my code and thats what exactly i forget
0

I think your error is here:

$row['id']

You don't select id in your query. Change it to:

select id,name,title,description,link,type from items where ...
Improve this answer

1 Comment

yes, thank you. i miss something around my code and thats what exactly i forget.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.