
MySQL query returns a blank page when using a form with two submit buttons. I get a blank page with no errors when I run this. I am able to display the whole database, but I have trouble searching through it and displaying the matches.

index.html page:

<!-- Both submit buttons post to subjsearch.php. A browser sends only the name of
     the button that was clicked (submitBTN or searchBTN), never both, so the
     handler has to test for each one separately. The text fields are free-form
     and nothing here restricts them, so every value must be treated as
     untrusted on the server. -->
<form action="subjsearch.php" method="post">
        <label>First Name:</label><input type="text" name ="firstname"><br><br>
        <label>Last Name:</label><input type="text" name ="lastname"><br><br>
        <label>Age:</label><input type="text" name="age" size = "2"><br><br>
        <label>Tattoo:</label><input type="text" name ="tattoo"><br><br>
        <label>Moniker:</label><input type="text" name ="moniker"><br><br>
        <input type="submit" name="submitBTN" value="Submit">
        <input type="submit" name="searchBTN" value="Search">
        <input type="reset" name="resetBTN" value="Reset">
    </form>         

action page:

    <?php
        // Form handler as posted in the question: inserts a subject on "Submit"
        // and is meant to list matching subjects on "Search".
        include 'db.php';
        // Everything down to the final closing brace, including the search
        // branch and $conn->close(), runs only when the Submit button was clicked.
        if(isset($_POST['submitBTN'])){
            // Raw request values, copied without validation or escaping.
            $firstname = $_POST['firstname'];
            $lastname = $_POST['lastname'];
            $age = $_POST['age'];
            $tattoo = $_POST['tattoo'];
            $moniker = $_POST['moniker'];

        // NOTE(review): the request values are interpolated straight into the
        // SQL text, so this statement is open to SQL injection. Bind them
        // through a prepared statement instead.
        $query = "INSERT INTO subjects (firstName,lastName,age,tats,moniker)VALUES(
                                '$firstname',
                                '$lastname',
                                '$age',
                                '$tattoo',
                                '$moniker')";

        // NOTE(review): the search branch is written as the elseif of this
        // insert check, so it is nested inside the submitBTN block. When Search
        // is clicked, submitBTN is not in $_POST, the outer if is skipped and
        // nothing is printed - the blank page. It is reached only when the
        // insert did not return TRUE and searchBTN is also set.
        if ($conn->query($query) === TRUE) {
            echo "New record created successfully";
        } elseif(isset($_POST['searchBTN'])){
            // NOTE(review): same string-built SQL as the INSERT above.
            $query = "SELECT * FROM subjects WHERE firstName = '$firstname' OR lastName = '$lastname' OR age = '$age' OR tats = '$tattoo' OR moniker = '$moniker' ";
            $result = $conn->query($query);
        // NOTE(review): the query result is dereferenced without checking
        // that query() succeeded.
        if ($result->num_rows > 0) {
            echo "<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>";
            // output data of each row
            while($row = $result->fetch_assoc()) {
                // NOTE(review): column values are echoed into the page without
                // htmlspecialchars(), so stored text is rendered as HTML.
                echo "<tr><td>".$row["id"]."</td><td>".$row["firstName"]." ".$row["lastName"]."</td><td>".$row["age"]."</td><td>".$row["tats"]."</td><td>".$row["moniker"]. "</td></tr>";
            }
            echo "</table>";
        } else {
            echo "0 results";
        }

        }

        $conn->close();
        }
        ?>
FoxXH0und
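    Error reporting and display are off; turn them on to see the error. At the top of your PHP page add: `ini_set('display_errors', 'On'); ini_set('html_errors', 0); error_reporting(-1);` (for debugging only; keep `display_errors` off on a public server so error details are not shown to visitors) –  May 03 '18 at 22:52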
    And maybe fix the huge security holes before making this public (https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –  May 03 '18 at 22:53
  • Search won't work as it's inside the `$_POST['submitBTN']` block. Move the `$_POST['searchBTN']` block outside the `$_POST['submitBTN']` block. – Karlo Kokkak May 04 '18 at 00:46

1 Answer


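Search won't work because it's inside the `if(isset($_POST['submitBTN'])) {..}` block: the browser sends only the name of the button that was clicked, so `submitBTN` is not set when Search is pressed and the whole block is skipped. I moved the `if(isset($_POST['searchBTN'])) {..}` block outside of the `if(isset($_POST['submitBTN'])) {..}` block.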

I also escaped the input values to avert SQL injection. The preferred way is a prepared statement, though.

Updated Code:

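<?php
include 'db.php';

/*
 * Handler for the subject form.
 *
 * "Submit" inserts a row into `subjects`; "Search" lists the rows where any
 * one of the five fields matches. Only the clicked button's name is present in
 * $_POST, so the two branches are siblings, not nested.
 *
 * SQL: the values are escaped with real_escape_string(). That is safe only
 * because every value below sits inside a quoted SQL literal, and it depends on
 * the connection character set being the one set through $conn->set_charset()
 * (db.php is not shown here - confirm it does that). Prepared statements with
 * bound parameters remove both caveats and are the preferred replacement.
 *
 * HTML: rows read back from the table were typed by users, so every column is
 * HTML-escaped before it is echoed.
 */

// Read one form field as an SQL-escaped string. A missing field, or one sent as
// an array (firstname[]=...), is treated as empty instead of reaching
// real_escape_string() with a non-string.
$field = function ($name) use ($conn) {
    $value = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';

    return $conn->real_escape_string($value);
};

// Escape a database value for output in HTML text or attribute context.
// The cast covers NULL columns.
$html = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$firstname = $field('firstname');
$lastname = $field('lastname');
$age = $field('age');
$tattoo = $field('tattoo');
$moniker = $field('moniker');

if (isset($_POST['submitBTN'])) {
    $query = "INSERT INTO subjects (firstName,lastName,age,tats,moniker)VALUES(
                                '$firstname',
                                '$lastname',
                                '$age',
                                '$tattoo',
                                '$moniker')";

    if ($conn->query($query) === true) {
        echo "New record created successfully";
    } else {
        // Report the failure, but keep the database error text in the server
        // log rather than in the response.
        error_log('subjects insert failed: ' . $conn->error);
        echo "Could not create the record";
    }
}

if (isset($_POST['searchBTN'])) {
    $query = "SELECT * FROM subjects WHERE firstName = '$firstname' OR lastName = '$lastname' OR age = '$age' OR tats = '$tattoo' OR moniker = '$moniker' ";
    $result = $conn->query($query);

    if ($result === false) {
        // query() returns false on failure; dereferencing it would be a fatal
        // error and, with display_errors off, another blank page.
        error_log('subjects search failed: ' . $conn->error);
        echo "Search failed";
    } elseif ($result->num_rows > 0) {
        echo "<table><tr><th>ID</th><th>Name</th><th>AGE</th><th>Tattoo</th><th>Moniker</th></tr>";
        // output data of each row, HTML-escaped column by column
        while ($row = $result->fetch_assoc()) {
            echo "<tr><td>" . $html($row["id"]) . "</td><td>" . $html($row["firstName"]) . " " . $html($row["lastName"]) . "</td><td>" . $html($row["age"]) . "</td><td>" . $html($row["tats"]) . "</td><td>" . $html($row["moniker"]) . "</td></tr>";
        }
        echo "</table>";
        $result->free();
    } else {
        echo "0 results";
    }
}

// Close once, after both branches, so neither one runs on a closed connection.
$conn->close();
?>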
Karlo Kokkak