So I have the following PHP code
<?php
error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
$poscote = $_POST['postcode'];
mysql_real_escape_string($poscote);
//! Checks for direct access to page
if (empty($_POST)) {
header('location:index.php?nothingentered');
die();
}
require_once('../Connections/PropSuite.php');
mysql_select_db($database_Takeaway, $Takeaway);
$query_PC = "SELECT * FROM Postcodes WHERE pc = '$postcode'";
$PC = mysql_query($query_PC, $Takeaway) or die(mysql_error());
$row_PC = mysql_fetch_assoc($PC);
if( mysql_errno() != 0){
// mysql error
// note: message like this should never appear to user, should be only stored in log
echo "Mysql error: " . htmlspecialchars( mysql_error());
die();
}
else {
echo $row_PC['oc'];
}
?>
This is to process a form with the following code
<form action="search_postcode.php" method="post">
<input type="text" name="postcode" />
<button>Go</button>
</form>
Strangely its just showing a blank screen, no errors, nothing I have checked through and cannot seem to find a solution.
Many thanks in advance for your help.
As your $postcode variable is undefined, you are looking in your database for a row where pc is an error message.
That query could very well finish without errors, but it probably produces 0 rows, so you don't have an error, nor do you have a result. In that case you output nothing, so you will see a blank screen.
You probably want:
$postcode = mysql_real_escape_string($poscote);
instead of:
mysql_real_escape_string($poscote);
and put it below the database connection section.
Also, you should switch to PDO (or mysqli) and prepared statements to avoid sql injection problems and because the mysql_* functions are deprecated. Note that your mysql_real_escape_string does not do anything (except removing the contents of your variable...) when you don't have a database connection open.
As of php.net, to enable php errors using the ini_set, you have to do it like this
ini_set('display_errors', '1')
This is taken from this link
In addition to the other answers, and without mentioning that you should be using PDO or mysqli, you could be having a character encoding issue. Try doing something like this:
define('DB_CHARSET', 'ISO-8859-1');
define('REPLACE_FLAGS', ENT_COMPAT | ENT_XHTML);
...
echo "Mysql error: " . htmlentities(mysql_error(), REPLACE_FLAGS, DB_CHARSET);
Replace the value of DB_CHARSET with whatever encoding your database is using. If you try to use htmlentities() with an invalid character it will produce an empty string.