-2

I have a web page that allows you to do a query over a mysql database.

Both html and css are working fine. However, when you submit the query in the localhost, the new page is full blank.

The problem is I´m new with webs, and I don´t know where to start looking. I would guess this is happening due to an error in the conection, but I couldn´t find any problem in my code.

$company = $_POST[´company´];
$brand = $_POST[´brand´];


$servername = "localhost"
$username = "user"
$password = "pass"
$database = "ref"
if ($company == "hyundai") {
  $table == "ref_hyundai";
} else if ($company == "fiat") {
  $table == "ref_fiat";
} else if ($company == "toyota") {
  $table == "ref_toyota";
} else {
  $table == "ref_renault";
}

/* Connection to the mysql server and selection of the database */
$db = mysqli_connect($servername, $username, $password) or print_error("The connection to the mysql system is nor working");

mysql_select_db($db, $database) or print_error("The database is not accessible");


/* Query (select) about this brand name */

$query = "SELECT * FROM $table WHERE name LIKE ´%$brand%´;";

$result = mysqli_query($db,$query);
$items = mysqli_affected_rows($db);

if ($items == 0)
{
  print_error("The brand $gen wasn´t dounf in the $table table");
}
else {

The rest of the code it´s the display of the results.

Any help would be really appreciated.

Roy_Batty
  • 135
  • 1
  • 2
  • 12
  • Step 1 is **check your sever error logs for important details**. Step 2 is please, fix those SQL injection bugs. – tadman Dec 19 '20 at 16:47
  • 1
    `mysql_select_db` is from the wrong API. That function was deleted in PHP 7. – tadman Dec 19 '20 at 16:47
  • Note: The [object-oriented interface to `mysqli`](https://www.php.net/manual/en/mysqli.quickstart.connections.php) is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface where missing a single `i` can cause trouble. Use this style: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era and should not be used in new code. Additionally the procedural interface has less rigorous error checking and reporting, frustrating debugging efforts. – tadman Dec 19 '20 at 16:48
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](https://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](https://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Dec 19 '20 at 16:48
  • 1
    Having dynamic table names like that is usually a sign you need to [normalize your database](https://en.wikipedia.org/wiki/Database_normalization) and make it properly relational. – tadman Dec 19 '20 at 16:49
  • 1
    `LIKE ´%$brand%´;";` Should be: `LIKE '%$brand%'";` – Cyborg Dec 19 '20 at 16:58
  • Are you using Word to format your code and question? Why do we keep seeing `’` all over the place – Strawberry Dec 19 '20 at 17:19
  • I don´t mind about sql injections as I´m not publishing this web, it´s just for learning. It actually has to be ´LIKE ´%$brand%; "; as you are implementing the query in mysql, both has to end in ; – Roy_Batty Dec 19 '20 at 18:08
  • The `mysqli` library does not have a `select_db` function, pass the database name to `connect` instead: `$db = mysqli_connect($servername, $username, $password, $database)` – Nick Dec 19 '20 at 23:12

1 Answers1

0

You can check log/apache2/error.log I think you got some error in that file. OR Use below code above PHP file you get error on your web page.

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
sartajahmed
  • 79
  • 9