0

After I used prepared statements to reduce the risk of SQL injection, the button click makes the page blank. I could not find any errors in my code. What is causing the page to go blank and how can I prevent it from happening? 

if(isset($_POST['desc_btn'])) { 
    $code = mysqli_real_escape_string($con, strip_tags($_POST['code_desc']));
    $desc = mysqli_real_escape_string($con, strip_tags($_POST['description']));

    $code_select =  $con->prepare("SELECT * FROM data WHERE code=?");
    $code_select->bind_param("s", $code);
    $code_select->execute();
    $data = $code_select->get_result();
    $data_user_id = $data['user_id'];

    $data_id = $data['id'];

    if($user_id == $data_user_id  ) {
        $code_select->close();
        $update = $con->prepare("UPDATE data SET description=? WHERE id=?");
        $update->bind_param('s', $desc, $data_id;
        $update->execute();
        $update->close();
    }
}
error_reporting(E_ALL);

Thanks for your help. I am open to any input.

mickmackusa
  • 43,625
  • 12
  • 83
  • 136
apaul
  • 308
  • 3
  • 13

2 Answers2

0

You have a syntax error on the $update->bind_param() line.

The type char for $data_id and the closing parenthesis were missing.

Change to following code

$update->bind_param('si', $desc, $data_id);
mickmackusa
  • 43,625
  • 12
  • 83
  • 136
B. Desai
  • 16,414
  • 5
  • 26
  • 47
0

The error_reporting() function sets the error_reporting directive at runtime. PHP has many levels of errors, using this function sets that level for the duration (runtime) of your script. If the optional level is not set, error_reporting() will just return the current error reporting level.

You should call this function at the beginning of the file.

Most of E_STRICT errors are evaluated at the compile time thus such errors are not reported in the file where error_reporting is enhanced to include E_STRICT errors (and vice versa).

sensorario
  • 20,262
  • 30
  • 97
  • 159