Need help again -_-'

Daegalus

Well I finished my spoiler list but now im doing a database search, and something is now working cause the result page comes up white, and when i check the source it has only: <html><body></body></html>

after it has loaded.

here is the PHP:

<?php
$number = $_POST['number'];
$name = $_POST['name'];
$type = $_POST['type'];
$attribute = $_POST['attribute'];
$subtype = $_POST['subtype'];
$level = $_POST['level'];
$atk = $_POST['atk'];
$def = $_POST['def'];
$rarity = $_POST['rarity'];
$cardtext = $_POST['cardtext'];

mysql_connect (localhost,***,***) or die ( mysql_error ());
mysql_select_db (cards)or die ( mysql_error ());
$sql = "SELECT `Number` , `Name` , `Type` , `Attribute` , `Subtype` , `Level` , `ATK` , `DEF` , `Rarity` , `CardText`
	FROM `SETS` WHERE 1 AND ";
if ($number != ""){
$sql .= "`number` = '";
$sql .= "$number";
$sql .= "'";
}
else {
$sql .= "";
}
if ($name != ""){
$sql .= "`name` = '";
$sql .= "$name";
$sql .= "'";
}
else {
$sql .= "";
}												
if ($type != ""){
$sql .= "`type` = '";
$sql .= "$type";
$sql .= "'";
}
else {
$sql .= "";
}												
if ($attribute != ""){
$sql .= "`attribute` = '";
$sql .= "$attribute";
$sql .= "'";
}
else {
$sql .= "";
}												
if ($subtype != ""){
$sql .= "`subtype` = '";
$sql .= "$subtype";
$sql .= "'";
}
else {
$sql .= "";
}												
if ($level != ""){
$sql .= "`level` = '";
$sql .= "$level";
$sql .= "'";
}
else {
$sql .= "";
}												
if ($atk != ""){
$sql .= "`atk` = '";
$sql .= "$atk";
$sql .= "'";
}
else {
$sql .= "";
}												
if ($def != ""){
$sql .= "`def` = '";
$sql .= "$def";
$sql .= "'";
}
else {
$sql .= "";
}												
if ($rarity != ""){
$sql .= "`rarity";
$sql .= "$rarity";
$sql .= "'";
}
else {
$sql .= "";
}												
if ($cardtext != ""){
$sql .= "`cardtext` = '";
$sql .= "$cardtext";
$sql .= "'";
}
else {
$sql .= "";
}
if ($number = "") & ($name = "") & ($type = "") & ($attribute = "") &
	($subtype = "") & ($level = "") & ($atk = "") & ($def = "") & ($rarity = "") & ($cardtext = "") {
 echo "You didn't enter anything into any of the fields!!!";
 }
else {
$result = mysql_query($sql);
$rowcount  = 0;
echo "<table>";
while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) { 
	 echo "<tr>";
	  if ($rowcount == 0) {
		    foreach ($row as $key => $value) {
    echo "<th>$key</th>";
	 }
 echo "</tr><tr>";
	 }
	 foreach ($row as $key => $value) {
	  echo "<td>$value</td>";
	 }
		   echo "</tr>";
  }
 echo "</table>";
}
?>

examancer

are you sure the post data is being passed properly? i don't see anything in your code that checks. you may want to try something like

if(!isset($_POST['whatever'])) {
echo "Error! missing post data!"); 
}

Daegalus

The Problem is that the page doesn't even load for me to see anything.

If anyone has a better way to query a database for only the fields that information is provided, please tell me.

Weedpacket

Well, let's take a few suggestions from Debugging 101 (in fact some points from the Guidelines wouldn't go amiss here, either).

The first two tips in the Debugging thread and philipolson's post in particular.

After all, how likely do you think it would have been for someone to go trawling through all that code to see the error in

$sql .= "`rarity";
$sql .= "$rarity";
$sql .= "'";

But there is a cleaner solution, and that is to use an array and a loop.

$field1 = (isset($_POST['field1']) ? $_POST['field1'] : '';
    // Check that $field1 contains valid data,
    // and not something designed to trash the query

$field2 = (isset($_POST['field2']) ? $_POST['field2'] : '';
    // Check that $field2 contains valid data,
    // and not something designed to trash the query
}

...later...
$fields = array('field1', 'field2', 'field3', ...);
foreach($fields as $field)
if ($$field != ""){
$sql .= "`$field` = '".$$field."'";
}

Daegalus

Is there supposed to be 2 $ before field:

$fields = array('field1', 'field2', 'field3', ...);
foreach($fields as $field)
if ($$field != ""){
$sql .= "`$field` = '".$$field."'";
}

and i still get a blank page. Should i put up a phps page so whoever helps me can see the source?