Undefined Array Key?

This issue doesn’t seem to be apparent to me and I am struggling to understand why my php code can’t get the updateID required.

This is my update.php file

<h3> Update </h3>
         <link href="css/signin.css" rel="stylesheet">
         <body class="text-center">
<main class="form-signin">
<script src="javascript/features.js"></script>
<form action ="../includes/update.inc.php" method="post">
    <input type="text" name="name" placeholder="Enter name of item...">
    <input type="text" name="description" placeholder="Enter a description...">
    <input type="number" name="quantity" min="1" placeholder="Enter quantity...">
    <input type="number" name="price" min="1" step="any" placeholder="Enter price">
    <button type="submit" name="update"> UPDATE </button>

include ("config.php");

if (isset($_SESSION["username"])){
    if(!$_SESSION["is_admin"] == 1){
        header("location: ../home.php");


        $id = $_GET['updateid'];
        $name = $_POST['name'];
        $desc = $_POST['description'];
        $quantity = $_POST['quantity'];
        $price = $_POST['price'];

        $sql ="UPDATE 'items' SET itemID = $id, name='$name', description='$desc', quantity='$quantity', price='$price'
        WHERE itemID = $id";
        $result = mysqli_query($conn, $sql);

            header("location: display.php");
        else {
            echo "Data not inserted";

For some reason it says that I cannot get the updateid as it is an undefined array key, yet in another file which displays the updateid in the browser through pressing a button.

<button><a href="../adminArea/update.php?updateid='.$itemid.'">Update</a></button>

Any help is appreciated

The URL in the button markup has a get parameter on the end of it for the updateid. The URL in the form tag’s action attribute does not. Therefore, there is no $_GET[‘updateid’] when the form has been submitted.

You should actually use a hidden field in the form to pass the updateid value to the post method form processing code as a $_POST value. This will mean that all the necessary values that the post method form processing code receives are in $_POST.

A bunch of points about the posted code -

  1. Use ‘require’ for things that your code must have for it to work.
  2. Include/require are not functions and the () around the filename are unnecessary typing. Just leave them out.
  3. A header() statement does not stop php code execution. All the rest of the code on that page runs every time that page gets requested. You MUST have an exit/die statement after a header() redirect to stop php code execution.
  4. You should only store the user_id (autoincrement primary index) in a session variable to indicate who the logged in user is. You should query on each page request to get any other user information or user permissions. This will insure that any change made to those values will take effect on the very next page request, so that for example, if you demote or ban a user, they cannot keep doing things as long as they remain logged in.
  5. You should not attempt to detect if the submit button isset. There are cases where it won’t be. You should instead detect if a post method form has been submitted.
  6. Based on the filenames in the URLs, the form and form processing code are on two different pages. This takes more code and results in a poor User eXperience (UX.) Simply, put them both on the same page. The form processing code goes first, followed by the code to query for and fetch the existing values to be edited, followed by the html document.
  7. Don’t copy variables to other variables for nothing. This is a waste of your time typing. If you have 20 form fields, would writing out 20 lines of code that does nothing but copy one variable to another make sense? Instead, keep the form data as a set, in an array variable, then operate on elements in that array variable throughout the rest of the code.
  8. Trim all the inputs before using them. If you keep that data as a set, you can do this with one single line of code.
  9. Validate all input data before using it, storing user/validation errors in an array, using the field name as the array index. After all of the validation logic, if the array holding the errors is empty, use the submitted data in the form processing code. To display the errors at the appropriate location in the html document, when you redisplay the form and repopulate the form field values with the submitted form data, test if the array holding the errors is not empty, then either loop over or implode the contents of the array to display the errors.
  10. Don’t put external, unknown, dynamic values directly into sql query statements. Use a prepared query instead. You would also want to switch to the much simpler and better designed PDO database extension.
  11. Don’t include the itemID column in the SET part of the query. It is the primary index that identifies what row to update.
  12. Because the item name should be unique and defined as a unique index in the database table, an UPDATE query can result in a duplicate error. The error handling for this query should detect if a duplicate index error number occurred, then setup a message for the user telling them that the reason that the UPDATE failed was due to an item name already in use.
  13. The only header() redirect the post method form processing code should have is to the exact same URL of the current page to cause a get request. This will prevent the browser from trying to resubmit the form data if the user reloads the page or navigates away from and back to that page.
  14. If you want to display a one-time success message, store it in a session variable, then test, display, and clear that session variable at the appropriate location in the html document.
1 Like
Sponsor our Newsletter | Privacy Policy | Terms of Service