notice error when non-registered users view posts

  • iWiGG_2010
  • Newbie
  • Posts: 10
  • Loc: Australia

Post 3+ Months Ago

Hi all,

Wondering if any of you can help me. I am new to PHP.

I keep getting this notice:
Notice: Undefined index: user_id in C:\wamp\www\website\view_topic.php on line 16

It's a basic forum page. I want non-registered users to be able to view the posts but not post a reply.

Does anyone know what is happening and how I could fix it? Thanks.

PHP Code:
<?php include 'init.php'; ?>
 
<?php include 'template/header.php'; ?>
 
<br /><h3><p>View Topic</p></h3>
<p><br />
 
 
<?php
$cid = $_GET['cid'];
$tid = $_GET['tid'];
$sql = "SELECT * FROM `topics` WHERE `album_id`='".$cid."' AND id='".$tid."' LIMIT 1";
$res = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($res) == 1) {
   echo "<table width='100%'>";
      if ($_SESSION['user_id']) {
         echo "<tr><td colspan='2'><center><input type='submit' value='Add Reply' onClick=\"window.location = 'post_reply.php?cid=".$cid."&tid=".$tid."'\" /></center><hr /><br />";
            } else {
             
               echo "<br /><tr><td colspan='2'><p>Please Log in to add a comment</p></td></tr>"; }
      while ($row = mysql_fetch_assoc($res)) {
         $sql2 = "SELECT * FROM `posts` WHERE `album_id`='".$cid."' AND `topic_id`='".$tid."' ORDER BY `post_date` DESC";  
         $res2 = mysql_query($sql2) or die(mysql_error());
         while ($row2 = mysql_fetch_assoc($res2)) {
            echo "<tr><td valign='top' style='border: 1px sold #FFF;'><div style='min-height: 125px;'><br /><p>".$row['topic_title']."<br /><br />by ".$row2['post_creator']." - ".$row2['post_date']."<br />".$row2['post_content']."</p></div></td>
           
            <tr><td colspan='2'><hr /></td></tr>";
         }
         $old_views = $row['topic_views'];
         $new_views = $old_views + 1;
         $sql3 = "UPDATE `topics` SET `topic_views`='".$new_views."' WHERE `album_id`='".$cid."' AND id='".$tid."' LIMIT 1";
         $res3 = mysql_query($sql3) or die(mysql_error());
      }
         echo "</table>";
} else {
   echo "<p>This topic does not exist</p>";  
}
?>
</p>
<p>&nbsp; </p>
<?php include 'template/footer.php'; ?>  
 
  • Bogey
  • Genius
  • Posts: 8388
  • Loc: USA

Post 3+ Months Ago

It means $_SESSION['user_id'] is not set.
  • Bigwebmaster
  • Site Admin
  • Posts: 9084
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

You can fix it by changing line 16 to this:

PHP Code:
      if (isset($_SESSION['user_id'])) {
  • iWiGG_2010
  • Newbie
  • Posts: 10
  • Loc: Australia

Post 3+ Months Ago

Great, thanks, it works :)
  • WritingBadCode
  • Graduate
  • Posts: 214
  • Loc: Sweden

Post 3+ Months Ago

Not that you were asking, but I think you should reconsider your code that says:

Code:
$cid = $_GET['cid'];
$tid = $_GET['tid'];
$sql = "SELECT * FROM `topics` WHERE `album_id`='".$cid."' AND id='".$tid."' LIMIT 1";
$res = mysql_query($sql)


I'm not an expert at MySQL injections but I have seen many examples of why trusting user input is most of the time a bad idea. :)

You are collecting and loading whatever value here without any checks and then running it as a MySQL query.

Make it a habit to always check ANY possible user input to limit the possibilities for abuse of your queries.
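
One way to apply both pieces of advice in this thread, as an added example that is not code from any poster: validate `cid` and `tid` as positive integers, pass them through a PDO prepared statement, and test the session key with `isset()`. The helper names, the trimmed `topics` schema and the in-memory SQLite database are assumptions made so the script runs on its own; the original site uses MySQL.

```php
<?php
// Added example (not the poster's code). Constructed schema and data in an
// in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE topics (id INTEGER, album_id INTEGER, topic_title TEXT, topic_views INTEGER)");
$pdo->exec("INSERT INTO topics VALUES (7, 3, 'Welcome', 41)");

// Hypothetical helper: accept only a positive integer id, otherwise null.
function positive_int($value): ?int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: look up one topic and count the view.
function load_topic(PDO $pdo, array $get): ?array
{
    $cid = positive_int($get['cid'] ?? null);
    $tid = positive_int($get['tid'] ?? null);
    if ($cid === null || $tid === null) {
        return null;                       // reject before touching the database
    }
    // Placeholders keep the request values out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT * FROM topics WHERE album_id = :cid AND id = :tid');
    $stmt->execute([':cid' => $cid, ':tid' => $tid]);
    $topic = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($topic === false) {
        return null;
    }
    // Increment inside SQL so concurrent views are not lost.
    $upd = $pdo->prepare('UPDATE topics SET topic_views = topic_views + 1 WHERE album_id = :cid AND id = :tid');
    $upd->execute([':cid' => $cid, ':tid' => $tid]);
    return $topic;
}

// Constructed requests: a normal one, and one carrying SQL text in tid.
$session = [];                             // guest: no user_id key, as in the notice
foreach ([['cid' => '3', 'tid' => '7'], ['cid' => '3', 'tid' => "7' OR '1'='1"]] as $get) {
    $topic = load_topic($pdo, $get);
    echo $topic === null ? "This topic does not exist\n" : "Topic: {$topic['topic_title']}\n";
}
// isset() tests for the key without reading it, so guests raise no notice.
echo isset($session['user_id']) ? "Add Reply\n" : "Please Log in to add a comment\n";
```
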
  • iWiGG_2010
  • Newbie
  • Posts: 10
  • Loc: Australia

Post 3+ Months Ago

Thanks for your advice. I'll look into it.


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.