Hey, I have a database that contains information about different countries. I also have an HTML page where you can submit information about countries. Can someone help me write code that says that the information has been stored in the database, instead of it just redirecting to a blank page?

Here is my HTML page where you submit information:

    <!DOCTYPE HTML>
    <html>
    <head>
        <meta charset="UTF-8">
        <title>Sett inn land</title>
    </head>
    <body>
        <form action="geoinn.php" method="get">
            Land: <input type="text" name="navn"> <br>
            Hovedstad: <input type="text" name="hovedstad"> <br>
            Areal: <input type="text" name="areal"> <br>
            Folketall: <input type="text" name="folketall"> <br>

            <input type="submit" value="Legg inn informasjon">
        </form>
    </body>
    </html>

And here is the page that you are redirected to when you click submit on the other page. This is the page where I want to have code saying either that "The information has been stored in our database" or that it has not:

    <?php
        $tjener = "localhost";
        $brukernavn = "root";
        $passord = "";
        $database = "Geografi";
        $kobling = mysqli_connect($tjener, $brukernavn, $passord, $database);
        $kobling->set_charset("utf8");
    ?>
    <!DOCTYPE HTML>
    <html>
    <head>
        <meta charset="UTF-8">
        <title>Geografi</title>
    </head>
    <body>
        <?php
        $land = $_GET["navn"];
        $hovedstad = $_GET["hovedstad"];
        $areal = $_GET["areal"];
        $folketall = $_GET["folketall"];
        $sql ="INSERT INTO land (navn,hovedstad, areal, folketall)       VALUES('$land','$hovedstad','$areal', '$folketall')";
        mysqli_query($kobling, $sql);
        mysqli_close($kobling);
        ?>
    </body>
    </html>

  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – Jay Blanchard Mar 18 '16 at 13:36
  • Please rename your question to be more specific about your problem. – Geoff Atkins Mar 18 '16 at 13:36
  • Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Mar 18 '16 at 13:36
  • The page is blank because you don't output anything in the PHP script. – RiggsFolly Mar 18 '16 at 13:43
  • *"instead of it just redirecting to a blank page?"* can you elaborate on that? Do you have a webserver and PHP installed on that machine? and how are you accessing this as, `http://localhost/file.php` or as `file:///file.php`? You are using a `.php` extension, *right?* – Funk Forty Niner Mar 18 '16 at 13:43
  • no idea why you're using GET here and that leaves you open to an injection a lot more. – Funk Forty Niner Mar 18 '16 at 13:49
  • @Fred GET is more open to injection...?! [Wat?!](http://memesvault.com/wp-content/uploads/Wat-Meme-Old-Lady-01.jpg) – deceze Mar 18 '16 at 14:06
  • @deceze I tend to think so, given anything can be passed in the URL's parameters. – Funk Forty Niner Mar 18 '16 at 14:07
  • @Fred Err.... you can also POST anything in the request body...!? – deceze Mar 18 '16 at 14:09

1 Answer

Add some output and you will get some output. The blank page you get is the page that does the updates. You add the basic HTML page tags but do not output anything inside the `<body>`.

    $sql ="INSERT INTO land 
                 (navn,hovedstad, areal, folketall)       
           VALUES('$land','$hovedstad','$areal', '$folketall')";

    $result = mysqli_query($kobling, $sql);
    if ( $result === FALSE ) {
       echo '<p>FAILED MESSAGE</p>';
    } else {
       echo '<p>SUCCESS MESSAGE</p>';
    }
    // Escape user input before echoing it back into the page
    echo "<p>Land = " . htmlspecialchars($land) . "</p>";
    echo "<p>hovedstad = " . htmlspecialchars($hovedstad) . "</p>";
    // and so on

    mysqli_close($kobling);

As Jay says,

Your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi.

RiggsFolly
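
An added example, not part of the original answer or the asker's code: `geoinn.php` with the success/failure message the answer describes, the MySQLi prepared statement the comments recommend, and HTML-escaped output. It keeps the question's table, column and parameter names and the GET form; the helper `h()`, the variables `$lagret` and `$gyldig`, and the assumption that `areal` and `folketall` are integer columns are introduced here.

```php
<?php
// Added example: table, columns and credentials are the ones shown in the question.
mysqli_report(MYSQLI_REPORT_OFF);   // signal errors through return values, not exceptions
$kobling = mysqli_connect("localhost", "root", "", "Geografi");
if ($kobling === false) {
    http_response_code(500);
    exit("<p>Could not connect to the database.</p>");
}
$kobling->set_charset("utf8");
// Hypothetical helper: escape a value before writing it into HTML.
function h($verdi) {
    return htmlspecialchars((string) $verdi, ENT_QUOTES, "UTF-8");
}

// Read and validate input. Assumption: areal and folketall are integer columns.
$land      = trim($_GET["navn"] ?? "");
$hovedstad = trim($_GET["hovedstad"] ?? "");
$areal     = filter_input(INPUT_GET, "areal", FILTER_VALIDATE_INT);
$folketall = filter_input(INPUT_GET, "folketall", FILTER_VALIDATE_INT);
$lagret = false;
$gyldig = $land !== "" && $hovedstad !== "" && is_int($areal) && is_int($folketall);
if ($gyldig) {
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = mysqli_prepare($kobling,
        "INSERT INTO land (navn, hovedstad, areal, folketall) VALUES (?, ?, ?, ?)");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ssii", $land, $hovedstad, $areal, $folketall);
        $lagret = mysqli_stmt_execute($stmt);   // true only if the row was inserted
        mysqli_stmt_close($stmt);
    }
}
mysqli_close($kobling);
?>
<!DOCTYPE HTML>
<html>
<head>
    <meta charset="UTF-8">
    <title>Geografi</title>
</head>
<body>
<?php if ($lagret): ?>
    <p>The information has been stored in our database.</p>
    <p>Land = <?= h($land) ?>, hovedstad = <?= h($hovedstad) ?></p>
<?php elseif (!$gyldig): ?>
    <p>Not stored: fill in all fields and use whole numbers for areal and folketall.</p>
<?php else: ?>
    <p>The information has not been stored in our database.</p>
<?php endif; ?>
</body>
</html>
```

The database work runs before any HTML is sent, so the page body only has to branch on `$lagret` and `$gyldig`.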