2

I'm very new to MySQL. I'm trying to create a PHP script which reads data from an HTML form and stores it in the database. I'm also uploading an image whose path is saved in the database and the image itself is stored in c:wamp/www/uploads. Now when I'm running the script on my wamp server, after submission of my form I'm getting a blank page. When I check my uploads folder, it's still empty. So the image isn't put into the folder. Can anyone debug it?

<?php

define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'userdatadelta');

$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);

$table= "CREATE TABLE `users` 
        (  `rollno` int(15) NOT NULL,
           `name` varchar(50) NOT NULL,
           `email` varchar(50) NOT NULL,  
           `password` varchar(50) NOT NULL,  
           `imageid` varchar(50) NOT NULL,  
            PRIMARY KEY (`uid`),  
            UNIQUE KEY `username` (`email`))";

mysqli_query($db,$table);

if(isset($_POST["submit"]))
{
$name = $_POST["name"];
$roll_number = $_POST["rollno"];
$department = $_POST["department"];
$year = $_POST["year"];
$email = $_POST["email"];
$password = $_POST["password"];
$filename=$_FILES['userpic']['name'];
$filetype=$_FILES['userpic']['type']; 

$name = mysqli_real_escape_string($db, $name);
$roll_number = mysqli_real_escape_string($db, $roll_number);
$department = mysqli_real_escape_string($db, $department);
$year = mysqli_real_escape_string($db, $year);
$email = mysqli_real_escape_string($db, $email);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);

$newfilename= $roll_number;

if($filetype=='image/jpeg' or $filetype=='image/png' or $filetype=='image/gif')
 {
move_uploaded_file($_FILES['file']['tmp_name'],'upload/'.$newfilename);
$filepath="upload/".$newfilename;
 }


$sql = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);

if(mysqli_num_rows($result) == 1)
{
 echo "An account has been created with this email ID already. We regret the inconvenience";
}
else
{
  $query = mysqli_query($db, "INSERT INTO users (name, rollno, department, year, email, password, imagepath)VALUES ( '$name','$roll_number', $department, $year,'$email', '$password', '$filepath')");

  if($query)
   {
    echo "Thank You! You have completed registration and are now registered.";
   }
}
}
?>

Edited code which works for the most part but for the insertion of data :(. The 2 comments "An account has been created with this email ID already. We regret the inconvenience" and "Thank You! You have completed registration and are now registered." don't seem to work.

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);

$DB_SERVER="localhost";
$DB_USERNAME="root";
$DB_PASSWORD="";
$DB_DATABASE="userdatadelta";

$db = mysqli_connect( "$DB_SERVER" ,"$DB_USERNAME","$DB_PASSWORD","$DB_DATABASE")or die("Cannot connect");

echo "Got connected?";

if(isset($_POST["submit"]))
{
echo "Got inside isset!";
$name = $_POST["name"];
$roll_number = $_POST["rollno"];
$department = $_POST["department"];
$year = $_POST["year"];
$email = $_POST["email"];
$password = $_POST["password"];
$filename=$_FILES['userpic']['name'];
$filetype=$_FILES['userpic']['type']; 

$name = mysqli_real_escape_string($db, $name);
$roll_number = mysqli_real_escape_string($db, $roll_number);
$department = mysqli_real_escape_string($db, $department);
$year = mysqli_real_escape_string($db, $year);
$email = mysqli_real_escape_string($db, $email);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);

$newfilename= $roll_number;

if($filetype=='image/jpeg' or $filetype=='image/png' or $filetype=='image/gif')
 {
echo "Got inside file type checking!";
move_uploaded_file($_FILES['userpic']['tmp_name'],'upload/'.$newfilename);
$filepath="upload/".$newfilename;
 }


$sql = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);

if(mysqli_num_rows($result) == 1)
{
 echo "An account has been created with this email ID already. We regret the inconvenience";
}
else
{
  $query = mysqli_query($db, "INSERT INTO users (name, rollno, department, year, email, password, imagepath)VALUES ( '$name','$roll_number', $department, $year,'$email', '$password', '$filepath')");
  echo "Got inside else!";
  if($query)
   {
    echo "Thank You! You have completed registration and are now registered.";
   }
}
}
echo "Comment!";
?> 
SirChin
  • Doesn't show any. Just a blank page redirected from the HTML page. – SirChin Jul 09 '15 at 20:33
  • Note that your program is prone to *sql injection*. You should really google that. Also, you try to create the table on each request. After the first request, it will already exist and the query will fail. Check in the database if your table exists. – Albert Hendriks Jul 10 '15 at 07:23
  • @AlbertHendriks Oh yea I had corrected that to 'if not exists'. Also I thought mysqli_real_escape_string is supposed to take care of sql injection? Wrong? – SirChin Jul 10 '15 at 07:59
  • Sorry, I read your code too quickly. You're right. Note btw that md5 is cracked, you should use sha256 http://stackoverflow.com/questions/1752477/how-to-use-sha256-in-php5-3-0 – Albert Hendriks Jul 10 '15 at 10:31

1 Answer

0

With such a long code snippet it's hard to determine possible errors, as the blank page can be caused by many reasons.

Some of the typical problems that could be related to your code:

  • a PHP syntax error like an extra or missing brace ( { or } ), for example. The piece you posted seems to be ok, but you don't tell which PHP version you are using.

  • a denied write permission to upload path. Either because permissions are wrong, or the path is incorrect. You don't specify your operating system, but it's assumed to be Windows. Some systems use case insensitive paths, other case sensitive, check that for the version and configuration of your current system.

  • for the blank page issue, even when no errors would be raised, there is a sequence of execution in which neither one of the two echo calls is being triggered.

Typically, PHP will not output any errors to the users as in a production environment it may represent a security risk.

In your development environment you can enable error output to quickly address what is going wrong.

Add the following lines just right after the first opening <?php clause:

error_reporting(E_ALL);
ini_set("display_errors", 1);

Now all the errors for what PHP is complaining should be outputted to the browser.

Be aware, this is not considered a good practice, especially in production environments. Errors should be looked up in log files. Use it for helping yourself debugging and solving your current problem in development time. If you are working on a large project consider getting the help of a PHP framework to enhance your coding experience.

alariva
  • Doesn't seem to be showing any errors after including that piece of code. Still a blank page. – SirChin Jul 10 '15 at 02:05
  • The PHP syntax seems to be ok. On the other hand, check that you only have two echo calls which are into nested ifs. They may be called if mysqli_num_rows($result) == 1 is false and $query is false. What happens when you echo something at the very end of your process (just before your closing ?> tag)? – alariva Jul 10 '15 at 07:11
  • Actually I edited my code a bit. Couple of small errors. The echo at the end of the process seems to work. But not inside mysqli_num_rows($result) == 1 or $query checks. I suspect the insert statement isn't working. Anything wrong with its syntax? – SirChin Jul 10 '15 at 07:48
  • Read the mysqli_query() function specification to know how it works: http://php.net/manual/en/mysqli.query.php You can var_dump($query) to check what it is returning, most probably a false value. – alariva Jul 10 '15 at 11:28
  • Umm..I'm not sure what's inherently wrong with the insert code. Could you point out if i'm doing anything wrong? – SirChin Jul 11 '15 at 06:18
  • Since I do not know the schema and state of the DB, either if the table exists, if the columns are ok, if data types are correct, even if the row already exists and there is an index constraint, any of those could be possible. Please var_dump($query) right after assigning, to see if it helps. You can also your current DB schema, and check if you are not duplicating or getting any other constraint. – alariva Jul 11 '15 at 20:36
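
A hardened version of the registration handler discussed in this thread, as an added example that is not code from the question or the answer. Failed queries throw instead of returning a silent false, every value is bound through a prepared statement (the question's INSERT interpolates $department and $year unquoted, where mysqli_real_escape_string gives no protection), the image type is read from the file's bytes, and the password is stored with password_hash(). Assumptions: PHP 7 or later, a users table with the columns named in the question's INSERT and a password column of VARCHAR(255), an existing upload directory; register_user is a hypothetical name.

```php
<?php
// Added example, not code from the thread. Assumed: the `users` columns named in
// the question's INSERT, `password` VARCHAR(255), and a writable upload directory.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // a failed query throws, no silent false
// register_user() is a hypothetical helper; it returns the message to show the user.
function register_user(mysqli $db, array $post, array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'Upload failed with error code ' . $file['error'] . '.';
    }
    // Take the type from the file's bytes; $_FILES[...]['type'] is supplied by the client.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        return 'Only JPEG, PNG or GIF images are accepted.';
    }
    $roll  = filter_var($post['rollno'] ?? '', FILTER_VALIDATE_INT);
    $year  = filter_var($post['year'] ?? '', FILTER_VALIDATE_INT);
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($roll === false || $year === false || $email === false) {
        return 'Roll number, year or email is not valid.';
    }
    // Bound parameters never become part of the SQL text, quoted or unquoted.
    $check = $db->prepare('SELECT 1 FROM users WHERE email = ?');
    $check->bind_param('s', $email);
    $check->execute();
    $check->store_result();
    if ($check->num_rows > 0) {
        return 'An account has been created with this email ID already.';
    }
    // File name built only from the validated integer and an allow-listed extension.
    $path = rtrim($uploadDir, '/') . '/' . $roll . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        return 'Could not store the image; check the upload directory and its permissions.';
    }
    $name = (string) ($post['name'] ?? '');
    $dept = (string) ($post['department'] ?? '');
    $hash = password_hash((string) ($post['password'] ?? ''), PASSWORD_DEFAULT); // salted, slow
    $ins = $db->prepare('INSERT INTO users
        (name, rollno, department, year, email, password, imagepath) VALUES (?, ?, ?, ?, ?, ?, ?)');
    $ins->bind_param('sisisss', $name, $roll, $dept, $year, $email, $hash, $path);
    $ins->execute();
    return 'Thank You! You have completed registration and are now registered.';
}

if (isset($_POST['submit'], $_FILES['userpic'])) {
    $db = new mysqli('localhost', 'root', '', 'userdatadelta');
    echo register_user($db, $_POST, $_FILES['userpic'], 'upload');
}
```

With exception reporting on, a schema mismatch or constraint violation in the INSERT stops the script with the MySQL error text, which is the information var_dump($query) cannot give.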