-1

I am working on a site to share names of songs, and I have made a recommendation form that I include in every page. This recommendation form is in HTML and leads to a PHP action page, where the information received is added to a SQL table. Here is the code:

```php
<?php

ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="MYPASSWORD"; // Mysql password 
$db_name="DB NAME"; // Database name 
$tbl_name="songshare"; // Table name 

// Connect to server and select database.
$link = mysqli_connect("$host", "$username", "$password")or die("cannot connect"); 
mysqli_select_db($link, "$db_name")or die("cannot select DB");

// Read the submitted form fields
$song=$_POST['song']; 
$album=$_POST['album']; 
$artist=$_POST['artist'];
$linkitunes=$_POST['linkitunes'];
$artwork=$_POST['albumPic'];

// To protect against MySQL injection (more detail about MySQL injection)
$song = stripslashes($song);
$album = stripslashes($album);
$artist = stripslashes($artist);
$song = mysqli_real_escape_string($link, $song);
$album = mysqli_real_escape_string($link, $album);
$artist = mysqli_real_escape_string($link, $artist);

$sql="SELECT * FROM $tbl_name WHERE song='$song'";
$result=mysqli_query($link, $sql);
if ($result->num_rows){
  echo "Song already taken" . "<br />";
  echo "<a href='/music.php'>music</a>";
  exit();
}

$sql="INSERT INTO recommendation (user_id, artist, song, album, artwork, linkitunes)";
$sql = $sql . " VALUES ('$_SESSION['user_id']', '$artist', '$song', '$album'. '$artwork'. '$linkitunes');";
$result=mysqli_query($link, $sql);

if(!$result) {
   echo "Recommendation failed" . "<br />";
   echo $sql;
} else {
    print "$song, $artist, $album";
}
ob_end_flush();

?>
```

I have checked that every username, password, link is correct and valid. My server does, in fact, run PHP. It doesn't seem to me like the PHP code is even running though.

Thank you so much in advance.

-Cameron

marc_s
  • Turn error reporting on and check for errors, if any. – rack_nilesh Jan 27 '15 at 05:33
  • Check your server logs. – elixenide Jan 27 '15 at 05:40
  • Also, you are wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). You filter some input, but not the rest. `$linkitunes` and `$album` appear to be passed to the database raw and could result in injections. You should use parameterized queries. – elixenide Jan 27 '15 at 05:44
  • A blank screen is usually indicative of a fatal error on the server. The details will be in the server error log, which should always be your first place to look with a problem like this. –  Jan 27 '15 at 05:44
  • I can't find the way to get to the error logs. – Cameron Montesano Jan 27 '15 at 05:45
  • Add `isset($_POST)` in your PHP code to execute this code only when the form is submitted – Gunaseelan Jan 27 '15 at 05:45
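
The parameterized queries recommended in the comments above, as an added example that is not the asker's code or part of any answer. It uses PDO with an in-memory SQLite database (an assumption, so it runs without a MySQL server) and a constructed `$post` array in place of `$_POST`; the function name `save_recommendation` is hypothetical. mysqli offers the same mechanism through `prepare()`, `bind_param()` and `execute()`.

```php
<?php
// Added example, not the asker's code. Assumptions: PDO with the pdo_sqlite
// extension, an in-memory table, and a constructed $post array standing in
// for $_POST. Column names follow the INSERT in the question.

function save_recommendation(PDO $db, int $userId, array $post): string
{
    // Require every form field, so a direct GET of the action page (the
    // "Undefined index" notices in the thread) is rejected up front.
    $fields = ['artist', 'song', 'album', 'albumPic', 'linkitunes'];
    $row = [];
    foreach ($fields as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            return "missing field: $f";
        }
        $row[$f] = trim($post[$f]);
    }

    // Placeholders keep the query text fixed; values travel separately, so
    // no stripslashes()/escaping step is needed for any column.
    $dup = $db->prepare('SELECT 1 FROM recommendation WHERE song = ?');
    $dup->execute([$row['song']]);
    if ($dup->fetchColumn() !== false) {
        return 'Song already taken';
    }

    $ins = $db->prepare(
        'INSERT INTO recommendation (user_id, artist, song, album, artwork, linkitunes)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $ins->execute([$userId, $row['artist'], $row['song'], $row['album'],
                   $row['albumPic'], $row['linkitunes']]);
    return 'saved';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE recommendation (user_id INTEGER, artist TEXT, song TEXT,
           album TEXT, artwork TEXT, linkitunes TEXT)');

// Constructed input: the two fields the original script never escaped
// carry quote characters that would have changed the concatenated SQL.
$post = ['artist' => 'Example Artist', 'song' => "Don't Stop", 'album' => 'Demo',
         'albumPic' => "cover'.png", 'linkitunes' => "https://example.invalid/a?x='b"];

echo save_recommendation($db, 1, $post), "\n";   // first submission
echo save_recommendation($db, 1, $post), "\n";   // same song again
echo save_recommendation($db, 1, []), "\n";      // empty POST
echo $db->query('SELECT artwork FROM recommendation')->fetchColumn(), "\n";
```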

4 Answers

0

Turn on error reporting by adding this on top of page:

```php
ini_set("display_errors",true);
```

and change this line:

```php
$link = mysqli_connect("$host", "$username", "$password")
```

to

```php
$link = mysqli_connect($host, $username, $password,$db_name);
```

Please have a look how to work with mysqli

Dinesh
0

Instead of `'$album'. '$artwork'. '$linkitunes'`, do `'$album', '$artwork', '$linkitunes'` while saving data.

Gaurav Dave
0

Try this:

```php
$sql = $sql . " VALUES ('".$_SESSION['user_id']."', '$artist', '$song', '$album', '$artwork', '$linkitunes')";
```

instead of

```php
$sql = $sql . " VALUES ('$_SESSION['user_id']', '$artist', '$song', '$album'. '$artwork'. '$linkitunes');";
```

Khushboo
  • Just did that, it worked. However, the only thing on the page is this message. – Cameron Montesano Jan 27 '15 at 05:49
  • Notice: Undefined index: song in /var/www/tts/recommend-action.php on line 16 Notice: Undefined index: album in /var/www/tts/recommend-action.php on line 17 Notice: Undefined index: artist in /var/www/tts/recommend-action.php on line 18 Notice: Undefined index: linkitunes in /var/www/tts/recommend-action.php on line 19 Notice: Undefined index: albumPic in /var/www/tts/recommend-action.php on line – Cameron Montesano Jan 27 '15 at 05:49
  • 20 SELECT * FROM recommendation WHERE song='' Notice: Undefined variable: _SESSION in /var/www/tts/recommend-action.php on line 41 Recommendation failed INSERT INTO recommendation (user_id, artist, song, album, artwork, linkitunes) VALUES ('', '', '', '', '', '') – Cameron Montesano Jan 27 '15 at 05:50
  • values are not coming in post – Khushboo Jan 27 '15 at 06:05
0

You should check the version of the local server you are working with. If you are working with a higher version of the local server and your PHP was written for a lower version, it throws a blank page.

Masei