I've recently tried my hand at coding, and I put together a script I'm rather proud of, and i'm just finishing it to run on my site. However, on inspecting my 30meg error log, for a totally unrelated problem, i found this:
[client 86.163.116.191] PHP Notice: Use of undefined constant p - assumed 'p' in /var/httpdocs/appbeta.php on line 5
[client 86.163.116.191] PHP Notice: Use of undefined constant title - assumed 'title' in /var/httpdocs/appbeta.php on line 10
[client 86.163.116.191] PHP Notice: Use of undefined constant header - assumed 'header' in /var/httpdocs/appbeta.php on line 11
[client 86.163.116.191] PHP Notice: Use of undefined constant content - assumed 'content' in /var/httpdocs/appbeta.php on line 12
[client 86.163.116.191] PHP Notice: Use of undefined constant p - assumed 'p' in /var/appbeta.php on line 5
[client 86.163.116.191] PHP Notice: Use of undefined constant title - assumed 'title' in /var/appbeta.php on line 10
[client 86.163.116.191] PHP Notice: Use of undefined constant header - assumed 'header' in /var/httpdocs/appbeta.php on line 11
[client 86.163.116.191] PHP Notice: Use of undefined constant content - assumed 'content' in /var/path/appbeta.php on line 12
Now my script, appbeta, works fine when It's run, but every time it is, it throws those up.
This is the extract of the PHP notice'd lines:
$pageid = $_GET[p];
$dataquery = "SELECT * FROM gp WHERE page='" . $pageid . "'";
$dataqueryaction = mysql_query($dataquery);
$numrows = mysql_num_rows($dataqueryaction);
$data = mysql_fetch_array($dataqueryaction);
$title = $data[title];
$header = $data[header];
$content = $data[content]; ?>

What's wrong with that? The page is accessed as appbeta.php?p=[pagename] ; where have I gone wrong?
Would massively appreciate your input :)

Thanks!

Try this it should fix it


$pageid = $_GET['p'];
$dataquery = "SELECT * FROM gp WHERE page='" . $pageid . "'";
$dataqueryaction = mysql_query($dataquery);
$numrows = mysql_num_rows($dataqueryaction);
$data = mysql_fetch_array($dataqueryaction);
$title = $data['title'];
$header = $data['header'];
$content = $data['content'];

Yep, as of PHP 4.3 I think it is, you must use single quotes around your constants.

As a sidenote, you are passing arguments from the URL directly into the database. This is bad bad BAD BAD *BAD*. You need to escape the data somehow to prevent a user from attacking your server.

Google for sql injection, php sql injection prevention, etc.. to get started.

A lot of people neglect the quotes; for example, the writer of (link) this code (http://www.gpearce.co.uk/wp-content/uploads/2007/11/cmsheaderphp.txt).

...you must use single quotes around your constants.To avoid warnings, that is, single or double quotes must be used around string literals, even those used as array indexes. As for constants (no quotes), here's some more information from the manual:If you use an undefined constant, PHP assumes that you mean the name of the constant itself, just as if you called it as a string (http://www.php.net/manual/en/language.types.string.php) (CONSTANT vs "CONSTANT").

A lot of people neglect the quotes; for example, the writer of (link) this code (http://www.gpearce.co.uk/wp-content/uploads/2007/11/cmsheaderphp.txt).

To avoid warnings, that is, single or double quotes must be used around string literals, even those used as array indexes. As for constants (no quotes), here's some more information from the manual:


Bang on here

This is really a result of PHP devs originally not enforcing this then starting to do it. As a result you got tutorials and code all over the place using the other method which used to not throw errors.

Ahh if only PHP had register_globals off by default and all sorts of stuff enforced from the start. Ahh just imagine all the better code there would be out there :)