Jump to content

Recommended Posts

Folks,

I have a mysql tbl called "links".

In it a column named "keywords".

The row 0 has a keyword "search" in the "keywords" column.

I am doing a search for the words "search" in the html form. Clicking the button gives no response! What is wrong ?

I get no mysql connection error. Nor any php error. So it should work and respond!

	<form name = "search" method = "POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<label for="keywords">Keywords:*</label>
<input type="text" name="keywords" id="keywords" placeholder="Input Keywords" required>
<br>
<input type="button" name="search_links" id="search_links" value="Search Links!">
<br>
<input type="reset">
<br>
</form>
	

 

Full short code ...

	<?php
//include('error_reporting.php');
ini_set('error_reporting','E_ALL');//Same as: error_reporting(E_ALL);
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
?>
	<form name = "search" method = "POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<label for="keywords">Keywords:*</label>
<input type="text" name="keywords" id="keywords" placeholder="Input Keywords" required>
<br>
<input type="button" name="search_links" id="search_links" value="Search Links!">
<br>
<input type="reset">
<br>
</form>
	<?php
	if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    if(ISSET($_POST['search_links']))
    {
        if(ISSET($_POST['keywords']))
        {
            $keywords = $_POST['keywords'];
        }        
        
        mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        
        $conn = mysqli_connect("localhost","root","","test");
        $db_server = 'localhost';
        $db_user = 'root';
        $db_password = '';
        $db_database = 'test';
        $conn->set_charset('utf8mb4');//Always use Charset.
        
        if (!$conn)
        {
            //Error Message to show user in technical/development mode to see errors.
            die("Database Error : " . mysqli_error($conn));
            
            //Error Message to show User in Layman's mode to see errors.
            die("Database error.");
            exit();
        }
	        $query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE keywords = ?";
	        $stmt = mysqli_stmt_init($conn);
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$keywords);
	            $result = mysqli_stmt_bind_result($stmt,$page_url,$link_anchor_text,$page_description,$keyphrase,$keywords);
            mysqli_stmt_execute($stmt);
            
            mysqli_stmt_fetch($stmt);
            
            while(mysqli_stmt_fetch($result))
            {
                echo "url"; echo "<br>";
                echo "anchor_text"; echo "<br>";
                echo "description"; echo "<br>";
                echo "keyphrases"; echo "<br>";
                echo "keywords"; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            echo "1. QUERY failed!";
        }
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$keywords);
            mysqli_stmt_execute($stmt);
            
            $result = mysqli_stmt_get_result($stmt);
            
            while($row = mysqli_fetch_array($result,mysqli_assoc))
            {
                $page_url = $row['page_url']; echo $page_url; echo "<br>";
                $link_anchor_text = $row['link_anchor_text']; echo $link_anchor_text; echo "<br>";
                $page_description = $row['page_description']; echo $page_description; echo "<br>";
                $keyphrases = $row['keyphrases']; echo $keyphrases; echo "<br>";
                $keywords = $row['keywords']; echo $keywords; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            die("2. QUERY failed!");
        }
    }
}
	
?>
	
Link to comment
https://forums.phpfreaks.com/topic/311104-why-mysql-gives-no-response/
Share on other sites

$_SERVER['PHP_SELF'] is vulnerable to an XSS Attack. Just delete the action completely.

 

48 minutes ago, gw1500se said:

Your action parameter is just doing an echo. It is not calling the script.

Yes, it is, but it is a Security problem and shouldn't be used. You "could" use it if you enclosed it in htmlspecialchars but that is just sloppy. Cleaner to leave the action out completely.

  • Like 1
3 minutes ago, benanamen said:

$_SERVER['PHP_SELF'] is vulnerable to an XSS Attack. Just delete the action completely.

 

Yes, it is, but it is a Security problem and shouldn't be used. You "could" use it if you enclosed it in htmlspecialchars but that is just sloppy. Cleaner to leave the action out completely.

You mean I should do it the old way I used to do before I learn to do it the $_SERVER['PHP_SELF'] ? If that is the case then why did the php manual start teaching this new way that injects attacks ?

Old way:

	<form name = "search" method = "POST" action="">
	

 

New way:

	<form name = "search" method = "POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
	

Look. No luck. No rows from db get displayed!

Try on your Xampp and see if you can spot what is wrong:

	<?php
//include('error_reporting.php');
ini_set('error_reporting','E_ALL');//Same as: error_reporting(E_ALL);
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
?>
	<form name = "search" method = "POST" action="">
<label for="keywords">Keywords:*</label>
<input type="text" name="keywords" id="keywords" placeholder="Input Keywords" required>
<br>
<input type="button" name="search_links" id="search_links" value="Search Links!">
<br>
<input type="reset">
<br>
</form>
	<?php
	if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    if(ISSET($_POST['search_links']))
    {
        if(ISSET($_POST['keywords']))
        {
            $keywords = $_POST['keywords'];
        }        
        
        mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
        mysqli_connect("localhost","root","","test");
        $conn->set_charset("utf8mb4");
        
        if(mysqli_connect_error())
        {
            echo "Could not connect!" . mysqli_connect_error();
        }
	        $query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE keywords = ?";
	        $stmt = mysqli_stmt_init($conn);
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$keywords);
	            $result = mysqli_stmt_bind_result($stmt,$page_url,$link_anchor_text,$page_description,$keyphrase,$keywords);
            mysqli_stmt_execute($stmt);
            
            mysqli_stmt_fetch($stmt);
            
            while(mysqli_stmt_fetch($result))
            {
                echo "url"; echo "<br>";
                echo "anchor_text"; echo "<br>";
                echo "description"; echo "<br>";
                echo "keyphrases"; echo "<br>";
                echo "keywords"; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            echo "1. QUERY failed!";
        }
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$keywords);
            mysqli_stmt_execute($stmt);
            
            $result = mysqli_stmt_get_result($stmt);
            
            while($row = mysqli_fetch_array($result,mysqli_assoc))
            {
                $page_url = $row['page_url']; echo $page_url; echo "<br>";
                $link_anchor_text = $row['link_anchor_text']; echo $link_anchor_text; echo "<br>";
                $page_description = $row['page_description']; echo $page_description; echo "<br>";
                $keyphrases = $row['keyphrases']; echo $keyphrases; echo "<br>";
                $keywords = $row['keywords']; echo $keywords; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            die("2. QUERY failed!");
        }
    }
}
	
?>
	

When I said leave the action off I meant that literally. Don't put that in at all but I don't think that is the real problem. Start debugging by putting print statements after each mysqli to follow your logic so you can tell where it is failing. If you are getting a blank page then make sure there is no logic path where there is no output. Also check the page source to see if there is anything there that the browser is not displaying.

 

Edited by gw1500se
  • Like 1
3 hours ago, 2020 said:

$result = mysqli_stmt_bind_result($stmt,$page_url,$link_anchor_text,$page_description,$keyphrase,$keywords);
[...]
while(mysqli_stmt_fetch($result))

mysqli_stmt_bind_result just returns a bool value, not something you'd use in mysqli_stmt_fetch.  You use your $stmt variable there like you did just above. Speaking of the line just above, it shouldn't be there.  You don't fetch before your loop.

 

  • Like 1

Issue SOLVED!

No one in this forum or another could figure out what the problem was. I got a handful of programmers in this forum and another that usually are able to help me but on this occassion everyone failed BUT one programmer on another forum who came across my thread last night or so! Some new guy to me. No offense to anyone here. Didn't come here to gloat but share my SOLUTION.

2 of my threads will be closed here and there soon thanks to him.
The issue was the buttons I was using weren't working. His button did.
Look at my current code. You will see his button (last button out of the 4) and a few (3) of my own above his. None of my buttons work. Test it for yourself!

I thought I will mention this in this forum so others can benefit.

The first 3 buttons are mine and a failure. The 4th one is his and a PASS:

	<button type="submit">Submit</button> <button type="submit" value="submit">Submit</button> <input type="submit" value="submit"> <button name=submit value=" ">Submit</button>
	

On 7/17/2020 at 3:23 AM, kicken said:

mysqli_stmt_bind_result just returns a bool value, not something you'd use in mysqli_stmt_fetch.  You use your $stmt variable there like you did just above. Speaking of the line just above, it shouldn't be there.  You don't fetch before your loop.

 

So, this is wrong ?

	$stmt_fetch = mysqli_stmt_fetch($stmt);
            if($stmt_fetch === FALSE)
            {
                printf("Error: %s.\n", mysqli_stmt_error($stmt));
                printf("Error: %d.\n", mysqli_stmt_errno($stmt));
                die;
            }
            
            while(mysqli_stmt_fetch($stmt))
            {
                echo "$page_url"; echo "<br>";
                echo "$link_anchor_text"; echo "<br>";
                echo "$page_description"; echo "<br>";
                echo "$keyphrase"; echo "<br>";
                echo "$keywords"; echo "<br>";
                echo "|";
                echo "<br>";
            }
	

 

Show me how it should be then in procedural style.

Here you go so you don;t have to type from scratch, just re-arrange this how you see fit. In other words, EDIT this ...

	<?php
include 'error_reporting.php';
error_reporting(E_ALL);
ini_set('error_reporting',E_ALL);
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
	
if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    if(ISSET($_POST['submit']))
    {
        if(ISSET($_POST['keywords']))
        {
            $keywords = $_POST['keywords'];
        }        
        
        $query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE keywords = ?";
	        $stmt = mysqli_stmt_init($conn);
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$keywords);
	            $stmt_execution = mysqli_stmt_execute($stmt);
            if($stmt_execution === FALSE)
            {
                printf("Error: %s.\n", mysqli_stmt_error($stmt));
                printf("Error: %d.\n", mysqli_stmt_errno($stmt));
                die;
            }
            
            $bind_result = mysqli_stmt_bind_result($stmt,$page_url,$link_anchor_text,$page_description,$keyphrase,$keywords);
            /*RIDDING THIS BASED ON mac_guyver's ADVICE.
            if($bind_result === FALSE)
            {
                printf("Error: %s.\n", mysqli_stmt_error($stmt));
                printf("Error: %d.\n", mysqli_stmt_errno($stmt));
                die;
            }
            */
            
            $stmt_fetch = mysqli_stmt_fetch($stmt);
            if($stmt_fetch === FALSE)
            {
                printf("Error: %s.\n", mysqli_stmt_error($stmt));
                printf("Error: %d.\n", mysqli_stmt_errno($stmt));
                die;
            }
            
            while(mysqli_stmt_fetch($stmt))
            {
                echo "$page_url"; echo "<br>";
                echo "$link_anchor_text"; echo "<br>";
                echo "$page_description"; echo "<br>";
                echo "$keyphrase"; echo "<br>";
                echo "$keywords"; echo "<br>";
                echo "|";
                echo "<br>";
            }
            /*RIDDING THIS BASED ON mac_guyver's ADVICE.
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
            */
        }
        else
        {
            die("QUERY failed!");
        }
        //die;
	        //2ND ATTEMPT TO DISPLAY TBL RESULTS. THIS TIME USING mysqli_stmt_get_result() FUNCTION. TEST RESULT: ATTEMPT A FAILURE!
        //Re-write the following 4 lines ...
        mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
        $conn = mysqli_connect("localhost","root","","test");
        $conn->set_charset("utf8mb4");
        
        $query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE keywords = ?";
	        $stmt = mysqli_stmt_init($conn);
        
        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$keywords);
            
            $stmt_execution = mysqli_stmt_execute($stmt);
            if($stmt_execution === FALSE)
            {
                printf("Error: %s.\n", mysqli_stmt_error($stmt));
                printf("Error: %d.\n", mysqli_stmt_errno($stmt));
                die;
            }
            
            $get_result = mysqli_stmt_get_result($stmt);
            
            if($get_result === FALSE)
            {
                printf("Error: %s.\n", mysqli_stmt_error($stmt));
                printf("Error: %d.\n", mysqli_stmt_errno($stmt));
                die;
            }
            
            while($row = mysqli_fetch_array($get_result,MYSQLI_ASSOC))
            {
                $page_url = $row['page_url']; echo $page_url; echo "<br>";
                $link_anchor_text = $row['link_anchor_text']; echo $link_anchor_text; echo "<br>";
                $page_description = $row['page_description']; echo $page_description; echo "<br>";
                $keyphrases = $row['keyphrases']; echo $keyphrases; echo "<br>";
                $keywords = $row['keywords']; echo $keywords; echo "<br>";
                echo "|";
                echo "<br>";
            }
            /*RIDDING THIS BASED ON mac_guyver's ADVICE.
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
            */
        }
        else
        {
            die("QUERY failed!");
        }
    }
}
	?>
	<form name = "search" method = "GET">
<label for="keywords">Keywords:*</label>
<input type="text" name="keywords" id="keywords" placeholder="Input Keywords" required>
<br>
<button type="submit">Submit</button><br>
<button type="submit" value="submit">Submit</button><br>
<input type="submit" value="submit"><br>
<button name=submit value=" ">Search</button><br>
<button type="submit" name="submit" value="submit">Search</button>
<br>
<input type="reset">
<br>
</form>
	

That way, I understand your message with no misunderstandings.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.