SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Nov 2007
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation php form is not displaying in browser, help please!

    Hi everyone, i'm a php*MySQL beginner but i'm sure (due to some testing) that i've configured everything (Installed Apache2Triad w mySQL 5.0) correctly.

    I'm basically trying to test loading MySql database data (text) into my browser through a php script, so in other words i'm stuck on a tutorial

    i've been running tests to see whether it had something to do with php scripts not being read correctly or at all, but it seems that when i tested with simpler scripts such as

    <?php
    echo "hello!"
    ?>
    or
    <?php
    phpinfo();
    ?>
    it works fine...and diplays the targeted script in the browser window.

    Following is the php script configured to my user and with my password in "***"-format, connected through localhost...when (my php-file) http://localhost/jokes.php is selected, a blank screen is the result not even an error message

    <?php
    // If the user wants to add a joke
    if (isset($addjoke)):
    ?>
    <form action="<?php echo($PHP_SELF); ?>" method="POST">
    <p>Type your joke herebr />
    <textarea name="joketext" rows="10" cols="40" wrap"WRAP">
    </textarea><br />
    <input type="submit" name="submitjoke" value="SUBMIT" />
    </p>
    </form>
    <?php
    else:

    // Connect to the database server
    $dbcnx = @mysql_connect(
    "localhost", "****", "********");
    if (!$dbcnx) {
    echo( "<P>Unable to connect to the " .
    "database server at this time.</P>" );
    exit();
    }

    // Select the jokes database
    if (! @mysql_select_db("joke") ) {
    echo( "<P>Unable to locate the joke " .
    "database at this time.</P>" );
    exit();
    }

    // If a joke has been submitted,
    // add it to the database.
    if ("SUBMIT" == $submitjoke) {
    $sql = "INSERT INTO Jokes SET " .
    "JokeText='$joketext', " .
    "Date=CURDATE()";
    if (mysql_query($sql)) {
    echo("<P>Your joke has been added.</P>");
    } else {
    echo("<P>Error adding submitted joke: " .
    mysql_error() . "</P>");
    }
    }

    // If a joke has been deleted,
    // remove it from the database.
    if (isset($deletejoke)) {
    $sql = "DELETE FROM Joke" .
    "WHERE ID=$deletejoke";
    if (mysql_query($sql)) {
    echo("<P>The joke has been deleted.</P>");
    } else {
    echo("<P>Error deleting joke: " .
    mysql_error() . "</P>");
    }
    }

    echo("<P> Here are all the jokes " .
    "in our database: </P>");

    // Request the ID and text of all the jokes
    $result = mysql_query(
    "SELECT ID, JokeText FROM Joke");
    if (!$result) {
    echo("<P>Error performing query: " .
    mysql_error() . "</P>");
    exit();
    }

    // Display the text of each joke in a paragraph
    // with a "Delete this Joke" link next to each.
    while ( $row = mysql_fetch_array($result) ) {
    $jokeid = $row["ID"];
    $joketext = $row["JokeText"];
    echo("<P>$joketext " .
    "<A HREF='$PHP_SELF?deletejoke=$jokeid'>" .
    "Delete this Joke</A></P>");
    }

    // When clicked, this link will load this page
    // with the joke submission form displayed.
    echo("<P><A HREF='$PHP_SELF?addjoke=1'>" .
    "Add a Joke!</A></P>");

    endif;
    ?>
    What am i missing!? i'd be really happy to finally get to work on the actual work and not be stuck on this tut. to be stuck or not to be stuck, that's the question
    Last edited by phish; Nov 10, 2007 at 16:20. Reason: move to correct forum

  2. #2
    SitePoint Guru thr's Avatar
    Join Date
    Jun 2003
    Location
    Sweden
    Posts
    664
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can begin by posting in the correct forum...

  3. #3
    hi galen's Avatar
    Join Date
    Jan 2006
    Location
    New Haven, CT
    Posts
    1,228
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    get rid of the @ in front of mysql_connect and you might get your error. For future reference put these questions in the php forum not the application design forum.

  4. #4
    SitePoint Member
    Join Date
    Nov 2007
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry for posting this in the wrong section, just added to the correct one.

    i'm about to try the @ sign removal, atleast then i should get an error? YESSSSS

  5. #5
    SitePoint Zealot
    Join Date
    Jun 2004
    Location
    Netherlands
    Posts
    172
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    One problem I see is that the script relies on register globals being on. So for example, change:
    PHP Code:
    <?php
    // If the user wants to add a joke
    if (isset($addjoke)):
    ?>
    to
    PHP Code:
    if(isset($_GET['addjoke']) {
    // .... 

    Second, the use of $PHP_SELF. What is probably meant there is $_SERVER['PHP_SELF']. However, to use that is not save. PHP_SELF is tainted.

    Furthermore,
    PHP Code:
    if ("SUBMIT" == $submitjoke) { 
    should be
    PHP Code:
    if (isset($_POST['submitjoke']) { 
    ok well, these are just a few things. There is much more, but I think it would be wise to read a bit more about the usage of variables, and the superglobals $_GET and $_POST, to get an understanding of all this.

    Then, I strongly advise to read more about input validation of data and escaping output. This is probably just a script developed locally (with no security risks) but it doesn't harm to learn about security.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •