This is most likely due to the PHP register_globals option being disabled by default in modern versions of PHP. Register_globals essentially automatically allows use of variables that come from external sources. For example, data submit through a form would automatically get a PHP variable with register_globals enabled. For security reasons, register_globals hasn't been used since before version 5.4. You should not encounter this problem with any modern PHP code.
However, if you do, you'll need to replace any instances of variables that seem to appear from nowhere. A MySQL select statement like the one you see below, assumes the $id variable will simply exist, filled with data sent to the page via form GET request like this:
"SELECT * FROM properties WHERE id = $id"
A simplified and insecure fix looks like this:
"SELECT * FROM properties WHERE id = '" . $_GET['id']. "'"
This way it takes an action to retreive the PHP variables 'id' from the $_GET global array, rather than assuming it already recognizes the variable 'id'. This exact code is not secure. You should take action to validate the $_GET['id'] value before sending it through to an SQL query, otherwise someone could easily disrupt the data being sent to the server and change the value in order to obtain data from the database not originally intended by the programmer.
