Undefined Index in php with GET and POST

Question

I have a php file say p1.php that is getting data from another php file say p2.php which is accessed in p1.php via $_GET. Now the data in $_GET is being saved in a variable $totPrice. p1.php also has a form that is referencing to itself and some processing is done with a MySql database. I am getting an error of:

"Notice: Undefined index: totP in C:\xampp\htdocs\fi\p1.php on line 'where ever $totPrice appears'".

Here's the code for p1.php:-

<?php
global $totPrice;
$totPrice = $_GET['totP'];
if(!isset($_COOKIE['username']))
{
    if(isset($_POST['Submit']))
{
$dbc      = mysqli_connect("localhost","root","","authserver");
$username = $_POST['name'];
$password = $_POST['password'];
$ccno     = $_POST['ccno'];

    if(!empty($username) && !empty($password) && !empty($ccno))
{
     $query = "select * from authserver.fimembers where fName = '$username' AND     password_finmem=SHA('$password') AND CreditCard = $ccno";
$result = mysqli_query($dbc,$query);

if(mysqli_num_rows($result) == 1 )
{
$dbc1 = mysqli_connect("localhost","root","","fininsti");
$query1  = "select * from fininsti.fimembers where fName = '$username' AND    password_finmem=SHA('$password') AND CreditCard = $ccno"; 
    $result1 = mysqli_query($dbc1,$query1);
$row  = mysqli_fetch_array($result1,MYSQL_BOTH);
setcookie('username',$username,time()+60*60);
setcookie('ccno',$row[0],time()+60*60);
echo $totPrice.'<br />';
if($totPrice > $row[3])
if($_GET['totP'] > $row[3])
{
   $status = array('stat' => 0 );   // 0 = Not sufficient funds
}
else
{
$status = array('stat' => 1 );   // 1 = Good To Go!
$newAmt = $row[3]-$totPrice;
$query = "update fininsti.fimembers set Credit = $newAmt where CreditCard = $ccno";
$result = mysqli_query($dbc1,$query);
}           
$retMerUrl = "http://localhost/eTrans/site/confirm.php?".http_build_query($status);
setcookie('username',$username,time()-60*60);
setcookie('ccno',$row[0],time()-60*60);
mysqli_close($dbc1);
mysqli_close($dbc);
header('Location:'.$retMerUrl);             
}
else
   echo "Credentials don't match!";
}
else
{
    echo "Sorry! Fields empty!";
}
setcookie('userId',$username,time()-60*60);
setcookie('ccno',$row[0],time()-60*60);
mysqli_close($dbc);
}
}
?>

Please do get back to me if you have any problem with the question.

Answer 1

You need to fix the first two lines:

global $totPrice;
$totPrice = $_GET['totP'];

1. Remove the first line. You do not need global outside of functions.

2. Replace the second line with this:

    $totPrice = isset($_GET['totP']) ? $_GET['totP'] : 0; 

3. (not related to these two lines) Fix the SQL injection issues in your code!!!

Answer 2

Based on the error message(s) you are receiving, it's obvious that the totP is not being included in the URL the script is referencing. So your best bet is to include a few isset checks before referencing $_GET parameters, for example:

$totPrice = (isset($_GET['totP'])) ? $_GET['totP'] : null;

Also, not sure why you are making a global call, as you don't appear to be within a function.

Answer 3

To remove the notice a check with isset($_GET['totP'] would do. If it is in the URL but not showing up in your page, make sure there is no rewriting happening.

You could always do var_dump($_GET) to see all of the information in the query params for the specific code.

It might be helpful to see what it is receiving for you to know whats wrong.