Undefined Index but page still works?!


Please can someone help me here? I am getting Undefined Index but my page still works?!


here is the line it is erroring on:


$page = mysql_escape_string($_GET['page']);
if ($page) {
	$start = ($page - 1) * $limit;
} else {
	$start = 0;
}

Link to comment
Share on other sites

mysql_escape_string can't be used outside of a MySQL query string as it's a function specific to MySQL and not PHP, as most mysql_<whatever> are.


If you're worried about someone injecting something via the $_GET variable you will need to filter it through other means.


Here's a quick dirty function I made some time back that usually does the job for me, though I'm sure there are either ways to improve this function, or just a better way all around to handle this.



function cleaner4inputs($theInput){
	$theOutput = stripslashes($theInput);
	$theOutput = htmlspecialchars($theOutput, ENT_QUOTES);
	// Note: this line reads $theInput again, so the two results above are discarded
	$theOutput = str_replace("'", "\\'", $theInput);
	//$theOutput = htmlentities($theOutput);
	return $theOutput;
}

Link to comment
Share on other sites

That is not correct. As long as a connection to the database has been made, mysql_real_escape_string() is fine to use. It does not have to be used only within the query string.


As for your function, stripslashes is unnecessary unless magic_quotes_gpc = On, htmlspecialchars() is unnecessary to insert data into a database, and the str_replace() you've set up doesn't escape control characters.


In the case of the OP, since it appears that the incoming GET var is expected to be numeric, it would be appropriate to validate it as such, and cast it as an integer.


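if( isset($_GET['page']) && ctype_digit($_GET['page']) ) {
      // Only digits were supplied, so the cast is safe
      $page = (int) $_GET['page'];
      $start = ($page - 1) * $limit;
} else {
      // Missing or non-numeric page: start from the first row
      $start = 0;
}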

Link to comment
Share on other sites
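
An added example, not part of the thread or any poster's code: one way to turn the `page` parameter into a LIMIT offset that also rejects `page=0` (which would give a negative offset), array input such as `?page[]=1`, and digit strings too large for an integer. The function name `resolve_page`, the `pubs` table and its sample rows are constructed for illustration, and the demo assumes the pdo_sqlite extension is available.

```php
<?php
// Hypothetical helper: map untrusted query input to a valid page and offset.
function resolve_page(array $query, int $limit, int $totalRows): array
{
    $lastPage = max(1, (int) ceil($totalRows / $limit));

    // FILTER_VALIDATE_INT returns false for a missing key, an array,
    // non-numeric text, and anything outside 1..$lastPage (so "0",
    // negatives and overflowing digit strings are all rejected).
    $page = filter_var(
        $query['page'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $lastPage]]
    );
    if ($page === false) {
        $page = 1; // invalid or absent input falls back to the first page
    }

    return ['page' => $page, 'offset' => ($page - 1) * $limit, 'last' => $lastPage];
}

// Constructed sample data: 45 rows in an in-memory SQLite table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pubs (rsPubName TEXT)');
$insert = $pdo->prepare('INSERT INTO pubs (rsPubName) VALUES (?)');
for ($i = 1; $i <= 45; $i++) {
    $insert->execute(["Pub $i"]);
}
$total = (int) $pdo->query('SELECT COUNT(*) FROM pubs')->fetchColumn();
$limit = 20;

// Constructed inputs standing in for $_GET.
$inputs = [[], ['page' => '2'], ['page' => '0'], ['page' => ['1']],
           ['page' => 'abc'], ['page' => '99999999999999999999']];

foreach ($inputs as $query) {
    $p = resolve_page($query, $limit, $total);
    // Offset and limit are bound as integers, never concatenated into the SQL.
    $stmt = $pdo->prepare(
        'SELECT rsPubName FROM pubs ORDER BY rowid LIMIT :limit OFFSET :offset'
    );
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $p['offset'], PDO::PARAM_INT);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    printf("%-34s page=%d offset=%d rows=%d\n",
        json_encode($query), $p['page'], $p['offset'], count($rows));
}
```
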

here is my page code

// Check user logged in already:
<!doctype html>
<title>Retro and Vintage</title>
<meta name="description" content="xxx" />
<meta name="keywords" content="xxx" />
<meta name="Content-Language" content="en-gb" />
<meta name="robots" content="FOLLOW,INDEX" />
<meta name="revisit-after" content="2 days" />
<meta name="copyright" content="jbiddulph.com" />
<meta name="author" content="John Biddulph - Professional web site design and development in the south of england mainly worthing and brighton" />
<meta name="distribution" content="Global" />
<meta name="resource-type" content="document" />
<link rel="stylesheet" type="text/css" href="css/reset.css" />
<link rel="stylesheet" type="text/css" href="css/style.css" title="default" />
<link rel="alternate stylesheet" type="text/css" href="css/style1.css" title="1" />
<link rel="alternate stylesheet" type="text/css" href="css/style2.css" title="2" />
<script type="text/javascript" src="js/stylechanger.js"></script>
<script type="text/javascript" src="js/jquery-1.2.1.pack.js"></script>
<script type="text/javascript">
function lookup(inputString) {
	if(inputString.length == 0) {
		// Hide the suggestion box.
	} else {
		$.post("rpc.php", {queryString: ""+inputString+""}, function(data){
			if(data.length >0) {
} // lookup

function fill(thisValue) {
	setTimeout("$('#suggestions').hide();", 200);
<?php if($messages) { displayErrors($messages); }?>
<div id="title">
	<h1>My Pub Space
	 <a href="#" onClick="setActiveStyleSheet('default'); return false;"><img src="images/0.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('1'); return false;"><img src="images/1.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('2'); return false;"><img src="images/2.gif" width="15" height="15" border="0" alt="css style" /></a>
		 <form method="post" class="textbox" action="search1.php">
				City/Town: <input type="text" size="26" class="searchbox" value="" id="inputString" onKeyUp="lookup(this.value);" onBlur="fill();" />

			<div class="suggestionsBox" id="suggestions" style="display: none;">
				<img src="images/upArrow.png" style="position: relative; top: -36px; left: 105px; z-index:1;" alt="upArrow" />
				<div class="suggestionList" id="autoSuggestionsList">
			<input type="image" src="images/go.png" height="30" with="30" value="GO" />
	</span>		</h1>
	<li class="selected"><a href="#">Home</a></li>
	<li><a href="#">Pubs</a></li>
	<li><a href="#">Members</a></li>
	<li><a href="#">Events</a></li>
	<li><a href="#">Register</a></li>
<section id="intro">
	<h2>Your social guide to going down the pub, online!</h2>
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p>
<img src="images/pub.jpg" alt="pub" /> </section>
<div id="content">
<div id="mainContent">
		<article class="blogPost">
				<h2>This is the title of a blog post</h2>
				<p>Posted on
					<time datetime="2009-06-29T23:31+01:00">June 29th 2009</time>
					by <a href="#">Mads Kjaer</a> - <a href="#comments">3 comments</a></p>

$targetpage = "default.php";
$limit = 20;

$query = "SELECT COUNT(*) as num FROM $tableName";
$total_pages = mysql_fetch_array(mysql_query($query));
$total_pages = $total_pages['num'];

$stages = 3;
// This line still reads 'page' before the isset() check below
$page = mysql_escape_string($_REQUEST['page']);
if( isset($_REQUEST['page']) && ctype_digit($_REQUEST['page']) ) {
      // Read from the same superglobal that was validated
      $page = (int) $_REQUEST['page'];
      $start = ($page - 1) * $limit;
} else {
      $start = 0;
}

// Get page data
$query1 = "SELECT * FROM $tableName LIMIT $start, $limit";
$result = mysql_query($query1);

// Initial page num setup
if ($page == 0){$page = 1;}
$prev = $page - 1;
$next = $page + 1;
$lastpage = ceil($total_pages/$limit);
$LastPagem1 = $lastpage - 1;

$paginate = '';
if($lastpage > 1)
{
	$paginate .= "<div class='paginate'>";
	// Previous
	if ($page > 1){
		$paginate.= "<a href='$targetpage?page=$prev'>previous</a>";
	}else{
		$paginate.= "<span class='disabled'>previous</span>";	}

	// Pages
	if ($lastpage < 7 + ($stages * 2))	// Not enough pages to bother breaking it up
	{
		for ($counter = 1; $counter <= $lastpage; $counter++)
		{
			if ($counter == $page){
				$paginate.= "<span class='current'>$counter</span>";
			}else{
				$paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";}
		}
	}
	elseif($lastpage > 5 + ($stages * 2))	// Enough pages to hide a few?
	{
		// Beginning only hide later pages
		if($page < 1 + ($stages * 2))
		{
			for ($counter = 1; $counter < 4 + ($stages * 2); $counter++)
			{
				if ($counter == $page){
					$paginate.= "<span class='current'>$counter</span>";
				}else{
					$paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";}
			}
			$paginate.= "...";
			$paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>";
			$paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>";
		}
		// Middle hide some front and some back
		elseif($lastpage - ($stages * 2) > $page && $page > ($stages * 2))
		{
			$paginate.= "<a href='$targetpage?page=1'>1</a>";
			$paginate.= "<a href='$targetpage?page=2'>2</a>";
			$paginate.= "...";
			for ($counter = $page - $stages; $counter <= $page + $stages; $counter++)
			{
				if ($counter == $page){
					$paginate.= "<span class='current'>$counter</span>";
				}else{
					$paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";}
			}
			$paginate.= "...";
			$paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>";
			$paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>";
		}
		// End only hide early pages
		else
		{
			$paginate.= "<a href='$targetpage?page=1'>1</a>";
			$paginate.= "<a href='$targetpage?page=2'>2</a>";
			$paginate.= "...";
			for ($counter = $lastpage - (2 + ($stages * 2)); $counter <= $lastpage; $counter++)
			{
				if ($counter == $page){
					$paginate.= "<span class='current'>$counter</span>";
				}else{
					$paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";}
			}
		}
	}

	// Next
	if ($page < $counter - 1){
		$paginate.= "<a href='$targetpage?page=$next'>next</a>";
	}else{
		$paginate.= "<span class='disabled'>next</span>";
	}

	$paginate.= "</div>";
}

echo $total_pages.' Results';
// pagination
echo $paginate;

while($row = mysql_fetch_array($result))
{
	echo '<li>'.$row['rsPubName'].', '.$row['rsTown'].', '.$row['rsCounty'].'</li>';
	if	($_SESSION["rsUser"] == "admin")
	{
		echo "<a href=\"edit.php?PUBID=".$row['PubID']."\" class=\"small\">edit this pub</a>";
	}
}


	<section id="comments">
			<header> <a href="#">George Washington</a> on
				<time datetime="2009-06-29T23:35:20+01:00">June 29th 2009 at 23:35</time>
			<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p>
			<header> <a href="#">Benjamin Franklin</a> on
				<time datetime="2009-06-29T23:40:09+01:00">June 29th 2009 at 23:40</time>
			<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p>
			<header> <a href="#">Barack Obama</a> on
				<time datetime="2009-06-29T23:59:00+01:00">June 29th 2009 at 23:59</time>
			<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p>
	<form action="#" method="POST" method="post">
		<h3>Post a comment</h3>
			<label for="name">Name</label>
			<input name="name" id="name" type="text" required />
			<label for="email">E-mail</label>
			<input name="email" id="email" type="email" required />
			<label for="website">Website</label>
			<input name="website" id="website" type="url" />
			<label for="comment">Comment</label>
			<textarea name="comment" id="comment" required></textarea>
			<input type="submit" value="Post comment" />
			<h3>Members Login Area</h3>
		<h4>Welcome <? print($_SESSION["rsUser"]); ?></h4>
		<a href="logout.php">Logout</a>
			<li><a href="#">December 2008</a></li>
			<li><a href="#">January 2009</a></li>
			<li><a href="#">February 2009</a></li>
			<li><a href="#">March 2009</a></li>
			<li><a href="#">April 2009</a></li>
			<li><a href="#">May 2009</a></li>
			<li><a href="#">June 2009</a></li>
	<section id="about">
		<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco <a href="#">laboris nisi ut aliquip</a> ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
	<section id="blogroll">
			<li><a href="#">NETTUTS+</a></li>
			<li><a href="#">FreelanceSwitch</a></li>
			<li><a href="#">In The Woods</a></li>
			<li><a href="#">Netsetter</a></li>
			<li><a href="#">PSDTUTS+</a></li>
	<section id="popular">
			<li><a href="#">This is the title of a blog post</a></li>
			<li><a href="#">Lorem ipsum dolor sit amet</a></li>
			<li><a href="#">Consectetur adipisicing elit, sed do eiusmod</a></li>
			<li><a href="#">Duis aute irure dolor</a></li>
			<li><a href="#">Excepteur sint occaecat cupidatat</a></li>
			<li><a href="#">Reprehenderit in voluptate velit</a></li>
			<li><a href="#">Officia deserunt mollit anim id est laborum</a></li>
			<li><a href="#">Lorem ipsum dolor sit amet</a></li>

Link to comment
Share on other sites
