0

I have created a form for users to submit information which gets added to a database but when I click the submit button submit.php appears blank which I assume means there has been some form of error. I can't find any errors myself, hoping someone can.

<?php
$con=mysqli_connect("localhost","tyler1996","Tylerkernick1996","essays");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$sql="INSERT INTO essays (author, email, essaytitle, subject, examboard, essay)
VALUES
       ('$_POST[author]','$_POST[subject]','$_POST[essaytitle]','$_POST[subject]','$_POST[examboard]','$_POST[essay]')";

if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";

mysqli_close($con);
?>
user3439743
  • 1
  • 2
  • 2
    Your code is vulnerable to mysql injection, learn more here http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Fabio Mar 20 '14 at 19:41
  • 4
    Turn on error reporting. There's about 500-billionty-seven articles about how to do that on this site if you need help turning them on. – phpisuber01 Mar 20 '14 at 19:42
  • 2
    And also you're on localhost, but when you go into production make sure to remove your credentials when posting. – Idris Mar 20 '14 at 19:43
  • `("localhost","tyler1996","Tylerkernick1996","essays")` and `INSERT INTO essays` why do I feel like you're using the wrong names for DB/table selection? Also, make sure that your form has named inputs. I.e.: `` etc. – Funk Forty Niner Mar 20 '14 at 19:53

2 Answers2

1
add these two lines to the top of your php file:
ini_set("display_errors","on");
error_reporting(E_ALL && ~E_NOTICE);


Also add exit after the mysqli connection failure echo.

And then you need to quote the keys in the $_POST array like this :$_POST[\"subject\"]

Do all of these and then let us know what is the result.
akr
  • 739
  • 4
  • 15
0

The error you're probably having is embedding $_POST['whatever'] directly in the string. You're also not quoting the key of the $_POST array. You're also vulnerable to injection, as @Fabio said, and you need to turn on error reporting, which will tell you all these things. If you're on apache, this may help. It'll be in a php.ini file somewheres.

Community
  • 1
  • 1
jstaab
  • 3,449
  • 1
  • 27
  • 40