This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable,
visit the help center.
Closed 6 years ago.
When I run this code:
<?php
if (preg_match('/^[a-z0-9]+$/', $_GET['p'])) {
$page = realpath("includes/$_GET[p].php");
if ($page) {
include $page;
}
}
?>
I get this error:
Notice: Undefined index: p in index.php on line 3
The error message says that there is no array item with the key p. If you cannot guarantee that a variable (or array item) does exist, you should first check it with the isset function:
if (isset($_GET['p']) && preg_match('/^[a-z0-9]+$/', $_GET['p'])) {
$page = realpath("includes/$_GET[p].php");
if ($page) {
include $page;
}
}
What Gumbo said for checking if the index is set in the array.
Also for parsing an array index in a string you should use brackets around the array, and you should escape the index with single quotes if it is a string.
$page = realpath("includes/{$_GET['p']}.php");
But for including files suggested by the user, the safest way is to look up the files in an array, and only include them if they exists there.
$page = realpath("includes/ " . $_GET['p'] . ".php");
There is no real problem. PHP yields a Notice not a Warning or Error. Basically, your script is not receiving the p URL parameter. So it uses '' and gives a notice in the log. If you see this message on your rendered page, adjust php error reporting to something like E_ERROR | E_WARNING in PHP.ini
There is no 'p' parameter to the page, maybe? Did you mean $_REQUEST instead?
Also, is it not `"${_GET['p']}" when you are accessing an array?
Look into array_key_exists() for checking whether an array key... exists. But in your case I suggest you pick up the filter class of functions which specialize in working with user input.
