Página en blanco después de intentar insertar

Whenever I try to insert data into my database 'users' I always get a blank page. It doesn't give me any errors, it doesn't include 'mainmenu.php', or return any feedback what so ever. Can someone help me out? Here is the code:

<?php

include("mainmenu.php");

$con = mysql_connect("localhost", "root", "*********");
if (!$con) {
   die('Connection failure.' . mysql_error());
   }

//Variable def
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$usrname = $_POST['usrname'];
$password = $_POST['password'];

mysql_select_db("users",$con) or die(mysql_error());
mysql_query("INSERT INTO data (usrname, fname, lname, password, email) VALUES ($usrname, $fname, $lname, $password, $email)") or die(mysql_error());
mysql_close($con)

echo("Thank you for registering!")
?>

It looks right to me.

preguntado el 08 de enero de 11 a las 15:01

This isn't the answer you're looking for, but PLEASE learn how to parameterize your queries. Even MORE so if you're a newbie -- best to learn how to do things correctly from day one so you don't learn bad habits. If you have no idea what I'm talking about, google "SQL Injection" and "PHP parameterized queries" for help. -

@Brennan: If only i could +10... -

"bare with me" -- No, we're not getting naked with you. -

4 Respuestas

don't you getting any syntax error?

primeras

mysql_close($con)
echo("Thank you for registering!")

cambiar

mysql_close($con);
echo("Thank you for registering!");

second, please quote your $_POST and escape it properly
Lee esto - Escaping single quote in PHP when inserting into MySQL)

contestado el 23 de mayo de 17 a las 15:05

oops! forgot the semicolons! now it shows syntax errors. thanks a bunch! - Conocido

no, now it says i have to use date_default_timezone_set() function, whatever that means. ill just look it up. - Conocido

No errors? Add this at the top of the script:

<?php
error_reporting( E_ALL );
ini_set( 'display_errors', 1 );

Respondido el 08 de enero de 11 a las 18:01

First of all: Strings need delimiting:

mysql_query("INSERT INTO data (usrname, fname, lname, password, email) VALUES ('$usrname', '$fname', '$lname', '$password', '$email')";

Segundo: nunca jamás pass un-checked user data into a database query. Use mysql_real_escape_string() on each value first.

Respondido el 08 de enero de 11 a las 18:01

mysql_query("INSERT INTO data (usrname, fname, lname, password, email) VALUES ($usrname, $fname, $lname, $password, $email)") or die(mysql_error());

Usa esto en su lugar

$insert_sql = sprintf("INSERT INTO users (usrname, fname, lname, password, email) " .
          "VALUES ('%s' ,'%s', '%s', '%s', %d); ",
           mysqli_real_escape_string($conn, $usrname),
           mysqli_real_escape_string($conn, $fname),
           mysqli_real_escape_string($conn, $lname),
           mysqli_real_escape_string($conn, md5($password)),
           mysqli_real_escape_string($conn, $email),
           mysqli_insert_id($conn)); 

Then Query The Above String

mysqli_query($conn, $insert_sql);

Then a Conditionals

if($insert_sql){
$usrname = $_SESSION['user_id'];
//url.ext e.g could be "home.php" or "you.html"
//header is used for redirecting a page
header("Location: url.ext");
}else{
$msg = "error inserting";
header("Location: " . $_SERVER['HTTP_REFERER'] . "?Message= ". $msg );
}

Respondido 31 Jul 16, 08:07

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.