SQL Query using ODBC

Question

this script :

 <?php    
    $myfamille=$_POST['myfamille'];

    $conn = odbc_connect('sage','<Administrateur>','');

    if (!$conn) 
    {exit("Connection Failed: " . $conn);} 




    $sql="Select F_ARTSTOCK.AR_Ref,AR_Design,AS_QteSto 
    FROM F_ARTICLE,F_FAMILLE,F_ARTSTOCK
    where F_ARTICLE.FA_CodeFamille=F_FAMILLE.FA_CodeFamille
    AND F_ARTICLE.AR_Ref=F_ARTSTOCK.AR_Ref
    AND F_FAMILLE.FA_CodeFamille='".$myfamille."'
    and F_ARTSTOCK.AS_QteSto <> 0";

    $rs=odbc_exec($conn,$sql);
    if (!$rs) 
    {exit("Error in SQL");} 
    while($e=odbc_fetch_object($rs))
           {$output[]=$e;}
    print(json_encode($output));
    ?>

give me this error:

Notice: Undefined variable: output in C:\wamp\www\articlecbase.php on line 24

Please note that removing this line make the code works and i don't know whats the problem

AND F_FAMILLE.FA_CodeFamille='".$myfamille."'

Also i have a similar script but with sql server and it works fine

<?php
 $myservername=$_POST['myservername'];
$servername=".\\".$myservername;
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$db_name="bijou";
$myfamille=$_POST['myfamille'];
  $connectionInfo = array( "Database"=>$db_name, "UID"=>$myusername, "PWD"=>$mypassword);
$conn = sqlsrv_connect( $servername, $connectionInfo);

if (!$conn) 
{exit("Connection Failed: " . $conn);} 


$sql="Select F_ARTSTOCK.AR_Ref,AR_Design,AS_QteSto FROM F_Article,F_Famille,F_ARTSTOCK
where F_ARTICLE.FA_CodeFamille=F_FAMILLE.FA_CodeFamille
AND F_ARTICLE.AR_Ref=F_ARTSTOCK.AR_Ref
AND F_FAMILLE.FA_CodeFamille='".$myfamille."' and F_ARTSTOCK.AS_QteSto != .000000";


$rs=sqlsrv_query($conn,$sql); 
if (!$rs) 
{exit("Error in SQL");} 

while($e=sqlsrv_fetch_object($rs))
       { $output[]=$e;}

print(json_encode($output));
?>

and this also with odbc works:

     <?php    
$myusername=$_POST['myusername'];
$conn = odbc_connect($myusername,'<Administrateur>','');

if (!$conn) 
{exit("Connection Failed: " . $conn);} 

$sql="SELECT   FA_CodeFamille AS FA_CodeFamille,FA_Intitule AS FA_Intitule FROM   F_FAMILLE";
$rs=odbc_exec($conn,$sql);

if (!$rs) 
{exit("Error in SQL");} 
while($e=odbc_fetch_object($rs))
       { $output[]=$e;}
print(json_encode($output));

?>

Please help me. regards

---

$output = array();
while($e=odbc_fetch_object($rs)) {
    $output[] = $e;
}

Is working fine on many scripts i have any help please

Answer 1

PHP is complaining because the variable isn't declared before you use it.

$output = array();
while($e=odbc_fetch_object($rs)) {
    $output[] = $e;
}

Otherwise, if the while loop is never entered, the variable isn't declared, and thus when you json_encode($output) , output doesn't exist.

Also, I suggest you abandon the old ODBC approach and go towards PDO (or at least the PDO ODBC driver).

Additionally, your code is open to SQL injection. You should be using prepared statements or properly escaping the string you interpolate into the query. Namely, you should look into odbc_prepare

Also, $_POST['key'] is never guaranteed to be populated. You should always use something like:

$blah = (isset($_POST['blah'])) ? $_POST['blah'] : null;

or

$blah = (array_key_exists($_POST['blah'])) ? $_POST['blah'] : null;

Or, if you're particularly paranoid like I am:

$blah = (array_key_exists($_POST['blah']) && is_string($_POST['blah'])) ? $_POST['blah'] : null;

If the user has PHP parse it as an array, errors can then occur from passing an array to a function. This can make PHP unnecessary generate notices/errors, so I like to avoid that possibility.

(An example of forcing $_GET['test'] to be an array would be page.php?test[]=blah )