1

index.php

<html>
  <head>
    <title>Josh's Online Playground</title>
  </head>
  <body>

    <form method="POST" action="action.php">
      <table>
        <tr>
      <td>"data for stuff"</td>
      <td><input type="text" ?></td>
    </tr>

        <tr>
          <td><input type="submit"></td>
        </tr>
      </table>
    </form>

  </body>
</html>

action.php

<?php
  error_reporting(E_ALL);
  ini_sit("display_errors", 1);

  $mysqli = new mysqli('localhost', 'root', 'password', 'website');

  $result = $mysqli->query("insert into stuff (data) values ('
        .$_POST['data']
        ."');

  echo $mysqli->error();

  if($result = $mysqli->query("select data from stuff")){
    echo 'There are '.$result->num_rows.' results.';
  }

  while ($row = $result->fetch_object()){
    echo 'stuff' . $row->data;
  }
?>

Despite the first two lines in action.php, I get no error or warning messages. Instead I get a blank page after clicking the submit button.

Do I have to do something differently to insert data?

Improve this question

5 Answers 5

Reset to default
3

you have a syntax error in action.php :

ini_set not ini_sit in line 2 !

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1 
ini_sit

has to be

ini_set

;)

Improve this answer

Comments

1

You have a fatal error, so the script simply cannot run, and therefore cannot report any errors. Look at this line:

$result = $mysqli->query("insert into stuff (data) values ('
        .$_POST['data']
        ."');

Should read:

$result = $mysqli->query("insert into stuff (data) values ('".$_POST['data']."')");

And escape your $_POST['data'] value before using it in the SQL statement

Improve this answer

2 Comments

I fixed that. But still no results. The line now reads: $result = $mysqli->query("insert into stuff (data) values ('" . $_POST['data'] . "')";
get into the habit of using an editor with syntax highlighting, and it becomes much easier to see errors such as this... if you look at your original posting, it's obvious even there.
0

You have inverted single quotes and double quotes somewhere in your code (at the end of your request). Make sure the display_error php setting is on

Improve this answer

Comments

0

Ok, first off, you have a massive SQL Injection vulnerability in there. Second, you have no error checking. Third, your quotes are incorrectly nested (which will cause a fatal error, which is why you're not seeing anything)

Modify it to something like this:

$mysqli = new mysqli('localhost', 'root', 'password', 'website');
if ($mysqli->connecterror) {
    //There was an error connecting, handle it
}

$result = $mysqli->query("insert into stuff (data) values ".
    " ('".$mysqli->real_escape_string($_POST['data'])."')";

if ($result === false) {
    //Query error, handle it
}

Also, you're looping through the data without checking if the result is valid:

if($result = $mysqli->query("select data from stuff")){
    echo 'There are '.$result->num_rows.' results.';
    while ($row = $result->fetch_object()){
        echo 'stuff' . $row->data;
    }
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.