The following code displays a BLANK PAGE when I hit the submit button. I have not a single idea what's wrong. Help check please..
The code below:
//The html code
<form method="post" action="dutydata.php">
<input type="text" placeholder="provide unique code">
<input type="submit" name="verify">
</form>
//the php code
<?php
$conn = mysqli_connect("localhost", "root", "", "army_duty");
$set = $_POST['verify'];
if($set) {
$show = "SELECT * FROM profile where military_number = '$set' ";
$result = mysqli_query($conn, $show);
while ($row = mysqli_fetch_array(result)) {
echo $row['military_number'];
echo $row['first_name'];
echo $row['last_name'];
echo $row['paygrade'];
echo $row['duty_status'];
echo $row['photo'];
echo "<br/>";
}
} else {
echo "Military Number not found";
}
?>
First, your input for the code needs a name:
<input type="text" name="code" placeholder="provide unique code">
This is what you will use in the query because $_POST['verify'] does not contain any value that you would want to use.
Second, you will want to use the $_POST['code'] number in your query:
$code = $_POST['code'];
if($set) {
$show = "SELECT * FROM profile where military_number = '$code' ";
Make sure to check for errors:
$result = mysqli_query($conn, $show) or die(mysqli_error($conn));
If you want to know if something was returned from the query you test the result. Since you are only getting one record you can skip the while() loop:
if($result) {
$row = mysqli_fetch_array($result);
echo $row['military_number'];
echo $row['first_name'];
echo $row['last_name'];
echo $row['paygrade'];
echo $row['duty_status'];
echo $row['photo'];
echo "<br/>";
} else {
echo "Military Number not found";
}
Little Bobby says your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe!