Blank page after attempt to insert

Question

Whenever I try to insert data into my database 'users' I always get a blank page. It doesn't give me any errors, it doesn't include 'mainmenu.php', or return any feedback what so ever. Can someone help me out? Here is the code:

<?php

include("mainmenu.php");

$con = mysql_connect("localhost", "root", "*********");
if (!$con) {
   die('Connection failure.' . mysql_error());
   }

//Variable def
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$usrname = $_POST['usrname'];
$password = $_POST['password'];

mysql_select_db("users",$con) or die(mysql_error());
mysql_query("INSERT INTO data (usrname, fname, lname, password, email) VALUES ($usrname, $fname, $lname, $password, $email)") or die(mysql_error());
mysql_close($con)

echo("Thank you for registering!")
?>

It looks right to me.

This isn't the answer you're looking for, but PLEASE learn how to parameterize your queries. Even MORE so if you're a newbie -- best to learn how to do things correctly from day one so you don't learn bad habits. If you have no idea what I'm talking about, google "SQL Injection" and "PHP parameterized queries" for help. — Brennan Vincent, Jan 08 '11 at 15:21

score 3 · Answer 1 · answered Jan 08 '11 at 15:20

3

No errors? Add this at the top of the script:

<?php
error_reporting( E_ALL );
ini_set( 'display_errors', 1 );

answered Jan 08 '11 at 15:20

Rob

47,999
5
74
91

score 3 · Answer 2 · answered Jan 08 '11 at 15:20

First of all: Strings need delimiting:

mysql_query("INSERT INTO data (usrname, fname, lname, password, email) VALUES ('$usrname', '$fname', '$lname', '$password', '$email')";

Second: never ever pass un-checked user data into a database query. Use mysql_real_escape_string() on each value first.

score 3 · Accepted Answer · edited May 23 '17 at 12:01

3

don't you getting any syntax error?

first

mysql_close($con)
echo("Thank you for registering!")

change to

mysql_close($con);
echo("Thank you for registering!");

second, please quote your $_POST and escape it properly
read this - Escaping single quote in PHP when inserting into MySQL)

edited May 23 '17 at 12:01

Community

1
1

answered Jan 08 '11 at 15:23

ajreal

46,720
11
89
119

oops! forgot the semicolons! now it shows syntax errors. thanks a bunch! – Ken Jan 08 '11 at 15:54
no, now it says i have to use date_default_timezone_set() function, whatever that means. ill just look it up. – Ken Jan 08 '11 at 15:59

score 0 · Answer 4 · answered Jul 31 '16 at 05:58

mysql_query("INSERT INTO data (usrname, fname, lname, password, email) VALUES ($usrname, $fname, $lname, $password, $email)") or die(mysql_error());

Use this instead

$insert_sql = sprintf("INSERT INTO users (usrname, fname, lname, password, email) " .
          "VALUES ('%s' ,'%s', '%s', '%s', %d); ",
           mysqli_real_escape_string($conn, $usrname),
           mysqli_real_escape_string($conn, $fname),
           mysqli_real_escape_string($conn, $lname),
           mysqli_real_escape_string($conn, md5($password)),
           mysqli_real_escape_string($conn, $email),
           mysqli_insert_id($conn));

Then Query The Above String

mysqli_query($conn, $insert_sql);

Then a Conditionals

if($insert_sql){
$usrname = $_SESSION['user_id'];
//url.ext e.g could be "home.php" or "you.html"
//header is used for redirecting a page
header("Location: url.ext");
}else{
$msg = "error inserting";
header("Location: " . $_SERVER['HTTP_REFERER'] . "?Message= ". $msg );
}

Blank page after attempt to insert

4 Answers4