Why am I getting "Undefined index" from my PHP?

Question

When I run this code:

<?php
if (preg_match('/^[a-z0-9]+$/', $_GET['p'])) {
  $page = realpath("includes/$_GET[p].php");
  if ($page) {
    include $page;
  }
}
?>

I get this error:

Notice: Undefined index: p in index.php on line 3

What am I doing wrong?

Answer 1

$page = realpath("includes/ " . $_GET['p'] . ".php");

Answer 2

There is no 'p' parameter to the page, maybe? Did you mean $_REQUEST instead?
Also, is it not `"${_GET['p']}" when you are accessing an array?

Answer 3

The error message says that there is no array item with the key p. If you cannot guarantee that a variable (or array item) does exist, you should first check it with the isset function:

if (isset($_GET['p']) && preg_match('/^[a-z0-9]+$/', $_GET['p'])) {
    $page = realpath("includes/$_GET[p].php");
    if ($page) {
        include $page;
    }
}

Answer 4

There is no real problem. PHP yields a Notice not a Warning or Error. Basically, your script is not receiving the p URL parameter. So it uses '' and gives a notice in the log. If you see this message on your rendered page, adjust php error reporting to something like E_ERROR | E_WARNING in PHP.ini

Answer 5

What Gumbo said for checking if the index is set in the array.

Also for parsing an array index in a string you should use brackets around the array, and you should escape the index with single quotes if it is a string.

$page = realpath("includes/{$_GET['p']}.php");

But for including files suggested by the user, the safest way is to look up the files in an array, and only include them if they exists there.

Answer 6

Look into array_key_exists() for checking whether an array key... exists. But in your case I suggest you pick up the filter class of functions which specialize in working with user input.