PHP - Displaying page that uses query string, but without any variable

Question

I have a page called Error.php. Variables are usually passed to it using the query string so that it will display the corresponding message to the error code I have assigned.

Example: Error.php?id=1

Here is the section of my page below:

<?php
if($_GET["id"] == "0")
{
  echo "Display certain information...";
}
elseif($_GET["id"] == "1")
{
  echo "Display certain information...";
}
elseif($_GET["id"] == "2")
{
  echo "Display certain information...";
}
elseif($_GET["id"] == "3")
{
  echo "Display certain information...";    
}
else
{
  echo "Display certain information...";
}
?>

All the information works fine, but the only problem is, if there is no query string (leaving it as just "Error.php"), it displays errors saying "Undefined index: id in.....". Is there a way to make Error.php unaccessible unless there is a query string? I'm sorry if my code grammer is incorrect, I'm very new to PHP. Thank you.

Answer 1

Use array_key_exists() to check and see if it's there:

<?php

if(array_key_exists("id", $_GET)) 
{
    if($_GET["id"] == "0")
    {
      echo "Display certain information...";
    }
    elseif($_GET["id"] == "1")
    {
      echo "Display certain information...";
    }
    elseif($_GET["id"] == "2")
    {
      echo "Display certain information...";
    }
    elseif($_GET["id"] == "3")
    {
      echo "Display certain information...";    
    }
    else
    {
      echo "Display certain information...";
    }
}
else
{
  // no query id specified, maybe redirect via header() somewhere else?
}

?>

Answer 2

That message is not an error but a notification. You can disable notification messages in your web application and it is recommended to do so anyway when going into production service (its fine while developing).

You can do so by setting error_reporting in php.ini not to include E_NOTICE

Answer 3

You should first test if the variable exists before using it, either with the isset or array_key_exists:

if (isset($_GET['id'])) {
    // $_GET['id'] exists
    // your code here
} else {
    // $_GET['id'] does not exist
}

Answer 4

You should use isset to check if the key 'id' is set in the array $_GET. For simple string lookup you should use an array instead of if-then-else and switch.

$errorMessages = array(
    "0" => "Display certain information...";
    "1" => "Display certain information...";
    "2" => "Display certain information...";
    "3" => "Display certain information...";
);

if (!isset($_GET['id']) || !isset($errorMessages[$_GET['id']])) {
    $message = 'No predefined error message';
    //or redirect
} else {
    $message = $errorMessages[$_GET['id']];
}
echo $message;