CODEWITHSUNDEEP
phpmysql
user2860430
user2860430

Reputation: 1

PHP white screen of death every time. What am I doing wrong?

I'm a complete noob to PHP and working with mysql so you know I do however have a great deal of experience with HMTL and CSS. All I need is for a form on my site to upload the information in the form to my database. The problem is that clicking the "submit" button just opens up a blank tab with the address of my .php file in it and displays a blank white screen. The .php is below. 

<?php
$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
connect to database! Please try again later.");
mysql_select_db($dbname);

$sql = "INSERT INTO $usertable (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 

VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";

$sql="INSERT INTO $usertable (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName)

VALUES ('".$_POST[firstName]."', '".$_POST[lastName]."', '".$_POST[streetAddress]."', '".$_POST[city]."', '".$_POST[state]."', '".$_POST[zip]."', '".$_POST[country]."', '".$_POST[email]."', '".$_POST[phone]."', '".$_POST[badgeName]."')";
?>

Now from what I've read this is usually caused by some kind of error in the code. This is difficult for me as I don't know PHP very well and almost everything in the page was taken from other peoples code. Most of it from the code helps from godaddy.com (where the site and database are hosted).

I've tested to make sure that PHP is supported and enabled and it is. I have a form mailer that already functions just fine. I have setup a DNS, I have tried multiple different syntaxes, I have called tech support to see if it is something on their end, I've migrated my sites from windows to linux and every thing I change results in the exact same blank white screen. I have no doubt that after all this it's going to be something that's stupidly easy to fix or blatantly obvious but if anybody could take a look and see what I'm missing I would be very grateful.

My new code after taking in some of the answers posted. I'm still getting a NOTICE and it's still not inserting anything into my database.

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

//connect to mysql
$link_id = mysql_connect($hostname, $username, $password);
if (!$link_id) {
    die("Unable to connect to database! Please try again later. error:".mysql_errno());
}
//make sure your DB exists
if (!mysql_select_db($dbname)) die ("Connected to mysql but could not connect to the DB. error:".mysql_errno());

//avoid sql_injection
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$streetAddress = mysql_real_escape_string($_POST['streetAddress']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$country = mysql_real_escape_string($_POST['country']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$badgeName = mysql_real_escape_string($_POST['badgeName']);

//write the query
$sql = "INSERT INTO $usertable 
    (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
    VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";

//then you'll need to execute the query :)
mysql_query($sql); 
?>

Upvotes: 0

Views: 876

Answers (5)

Adam Purdie
Adam Purdie

Reputation: 502

Like the other guys said, put the comments in the array reference. That being said you really need to escape the $_POST variables to avoid SQL Injection, its also easier to debug if the code is clearly ordered :)

With ordered code you can type echo "some text"; at any touch point you want to so you can see where the code breaks.

Also switching on error reporting in your php.ini or in code (http://php.net/manual/en/function.error-reporting.php) would be the best bet for watching the errors that you can't predict.

<?php
$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

//connect to mysql
$link_id = mysql_connect($hostname, $username, $password);
if (!$link_id) {
    die("Unable to connect to database! Please try again later. error:".mysql_errno());
}
echo "connected to mysql";
//make sure your DB exists
if (!mysql_select_db($dbname)) die ("Connected to mysql but could not connect to the DB. error:".mysql_errno());
echo "connected to database";    
//avoid sql_injection
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$streetAddress = mysql_real_escape_string($_POST['streetAddress']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$country = mysql_real_escape_string($_POST['country']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$badgeName = mysql_real_escape_string($_POST['badgeName']);

echo "sanitised input";
//write the query
$sql = "INSERT INTO $usertable 
    (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
    VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";
echo "build query: ".$sql;    
//then you'll need to execute the query :)
if (mysql_query($sql))
    echo "query success";
else 
    echo "query failed";

//ps you can ignore the last? >

Upvotes: 0

hyunkeln
hyunkeln

Reputation: 419

Include this two lines at the very top of your php code:

error_reporting(E_ALL);
ini_set('display_errors', '1');

It is going to enable error reporting and so you will be able to debug your script. Maybe the problem is that the reading of $_POST variables (and of any array type variable) should be made with 'quotes' when using string index names:

 $_POST[firstName] must be written as follows:
 $_POST['firstName']

A good way of making this query more secure (against sql injection attacks for example) is to scape the values in POST instead of passing it directly to the query.

 $firstName = mysql_real_escape_string($_POST['firstName']);

The value in POST will be scaped so you can pass it to your SQL.

Try to make that will all your variables:

$sql = "INSERT INTO $usertable 
(firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";

Finally you need to actually execute the query:

mysql_query($sql);

If it goes ok you'll see no errors, but be shure to enable error reporting to this script. When everything it's ok remember to remove the error reporting.

Upvotes: 0

user1899563
user1899563

Reputation:

first of all

$_POST[firstname] should be $_POST['firstname']

third

mysql_query($sql,$conn);

second

$conn=mysql_connect(your parameters);

Upvotes: 0

joe42
joe42

Reputation: 657

From what I can tell, this code just connects to a database and sets a variable $sql. Are you actually executing the query anywhere? Are you doing anything to print something on the screen?

Upvotes: 1

WebNovice
WebNovice

Reputation: 2220

$_POST[firstName] should be $_POST['firstName'] and so on and

mysql_query($sql) or die('MySQL Error: ', mysql_error());

echo 'Data inserted';

You shouldn't not be using mysql_ now, its deprecated. Do it with PDO

Upvotes: 0

Related Questions