PHP Script returning page blank

Question

I have a script that's supposed to show a certain page if the $_GET variable corresponds to what the page is asking. Like,

if(($_GET['action'] === 'post')){
    echo 'Post';
}

But the problem is when I add this to the page:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

  <title>Admin</title>

  <link rel="stylesheet" type="text/css" href="include/style/content.css" />

</head>

<body>



<?php


include ("include/header.html");



include ("include/sidebar.html");





?>

<div class="container">

 <div class="adminpanel">

    <a class="navbutton" href="acp.php">Admin</a><a class="navbutton" href="acp.php?action=post">Posts</a><a class="navbutton" href="acp.php?action=usr">Users</a><a class="navbutton" href="acp.php?action=vc">Categories</a>

 </div>

<?php   session_start();


  require_once('appvars.php');

  require_once('connectvars.php');

    require_once('include/functions.php');



    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);





if(!verify("O")){

exit();

}

    if(empty($_GET['action'])){



        if (!isset($_SESSION['user_id'])) {

    echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';

    exit();

  }

  else {

    echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout.php">Log out</a>.</p>');

  }



    echo' <h4>Admin Panel</h4>';

  // Connect to the database

  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

  // Grab the profile data from the database

  $query = "SELECT * FROM options";

  $data = mysqli_query($dbc, $query);  



  $row = mysqli_fetch_array($data);



      if(!empty($row['name'])) {

    echo '<h4>'.$row['name'].'</h4>';

    }

  if(!empty($row['desc'])) {

      echo '<p>' . $row['desc'] . '</p>';

    }

    }






    if(($_GET['action'] === 'post')){

        $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);



    if (!isset($_SESSION['user_id'])) {

    echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';

    exit();

  }

  else {

    echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout.php">Log out</a>.</p>');

  }





if(!verify("O")){

exit();

}



  $query = "SELECT * FROM posts ORDER BY post_id DESC";

  $data = mysqli_query($dbc, $query);

  $gender = $row['gender'];

  $post = mysqli_real_escape_string( strip_tags ($post) );

  while ($row = mysqli_fetch_array($data)) {

      strip_tags($post);

      echo'<table class="admin">';



    if(!empty($row['title'])) {

        echo'<tr><td>Title:' .$row['title']. '</td></tr>';

    }

      if(!empty($row['post'])) {

      echo '<tr><td><pre>Post:<br/><br />' . $row['post'] . '</pre></td></tr>';

    }

        if(!empty($row['post_id'])) {

        echo'<tr><td>Post ID:' .$row['post_id']. '<a href="delete.php?del='.$row['post_id'].'">Delete Post</a></td></tr>';

    }

  if(!empty($row['username'])) {

      echo '<tr><td>UserName:' . $row['username'] . '</td></tr>';

    }

  if(!empty($row['rank'])) {

      echo '<tr><td>Rank:' . $row['rank'] . '</td></tr>';

    }

  if(!empty($row['gender'])){

    echo '<tr><td>Gender:' . $row['gender'] . '</td></tr>';

  }

    echo '</table><br />'; 

    }

    }



    if(($_GET['action'] === 'usr')){

      if(!verify("O")){

exit();

}





  // Connect to the database

  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);



  // Grab the profile data from the database

  $query = "SELECT * FROM user ORDER BY user_id DESC";

  $data = mysqli_query($dbc, $query);

  $gender = $row['gender'];

  $post = mysqli_real_escape_string( strip_tags ($post) );

  while ($row = mysqli_fetch_array($data)) {

      strip_tags($post);

      echo'<table class="admin">';



    if(!empty($row['username'])) {

        echo'<tr><td>Username:' .$row['username']. '</td></tr>';

    }

    if(!empty($row['first_name'])) {

      echo '<tr><td>First Name:' . $row['first_name'] . '</td></tr>';

    }

    if(!empty($row['rank'])) {

      echo '<tr><td>Rank:' . $row['rank'] . '<a href="adminrank.php?r='.$row['username'].'">Edit User Rank</a></td></tr></td></tr>';

    }

    if(!empty($row['user_id'])) {

        echo'<tr><td>User ID:' .$row['user_id']. '<a href="deleteusr.php?del='.$row['user_id'].'">Delete User</a></td></tr>';

    }

  if(!empty($row['gender'])) {

      echo '<tr><td>Gender:' . $row['gender'] . '</td></tr>';

    }

  if(!empty($row['permissions'])) {

      echo '<tr><td>Perms:' . $row['permissions'] . '</td></tr>';

    }

    echo '</table><br />'; 

    }

    }

    if(($_GET['action'] === 'vc')){
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    if (!isset($_SESSION['user_id'])) {
        echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
        exit();
    }
    else {
        echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout.php">Log out</a>.</p>');
    }

    if (isset($_POST['submit'])) {
        // Grab the profile data from the POST
        $catt = mysqli_real_escape_string($dbc, strip_tags( trim($_POST['catt'])));
        $desc = mysqli_real_escape_string($dbc, strip_tags( trim($_POST['desc'])));  
        // Update the post data in the database

        if (!empty($catt)) {
            $query = "INSERT INTO categories (`name`, `desc`) VALUES ('$catt', '$desc')";
            mysqli_query($dbc, $query);
        echo '<p>Your category has been successfully added. Would you like to go back to the <a href="acp.php">Admin Panel</a>?</p>';
        echo $catt;
            mysqli_close($dbc);
            exit();
        }
        else {
            echo '<p class="error">You must enter information into all of the fields.</p>';
        }
    }
    if(!verify("O")){
        exit();
    }
    echo'<form enctype="multipart/form-data" method="post" action="'echo $_SERVER['PHP_SELF']'">';
        echo'<fieldset>';
            echo'<legend>Create Category:</legend>';
            echo'<label type="hidden" for="catt">Category name:</label><br />';
            echo'<input type="text" name="catt"><br /><br />';
            echo'<label type="hidden" for="desc">Description</label><br />';
            echo'<textarea rows="4"  name="desc" id="desc" cols="100"></textarea>';
        echo'</fieldset>';
        echo'<input type="submit" value="Save Category" name="submit" />' ;  
    echo'</form>';
}

?>

It returns a blank page, So I need to know why it is doing this. I suspect it has something to do with the if(isset($_POST['submit']))

What does `var_dump($_GET);` output? Edit your question to include this output. — Amal Murali, Apr 15 '14 at 03:54
@ChristianMark No, and I have actually changed that in my script to `echo $_SERVER['PHP_SELF']` — user3534341, Apr 15 '14 at 04:01
I don't see any reference to `vc` how are you accessing it, via an `href`? — Funk Forty Niner, Apr 15 '14 at 04:01
@user3534341: Then add this to the top of your script(s). http://stackoverflow.com/a/6575502/1438393 — Amal Murali, Apr 15 '14 at 04:03
@user3534341, yes and yet in your form you have the action labelled as `action="newcat.php"` — Mark, Apr 15 '14 at 04:03
@ChristianMark Yes, on here thats what is showed, but in my actual script I have changed that. — user3534341, Apr 15 '14 at 04:07
Try changing your `$_GET` to `$_REQUEST` see if that helps it. — Funk Forty Niner, Apr 15 '14 at 04:08
where your 'vc' come from? if you try to load your code in same page but i did not see where 'vc' come from. — user3517652, Apr 15 '14 at 04:11
what is your problem now? is it whole page blank? or your html code can shown? — user3517652, Apr 15 '14 at 04:19
You really need to show us \*all\* the code that's executing. — Asherah, Apr 15 '14 at 05:09

JBC · Answer 1 · 2014-04-15T04:35:24.723

0

What is this function?

if(!verify("O")){
    exit();
}

If you remove it, does the page load?

Also, you are echoing within an echo without escaping the original echo or concatenating properly:

 echo'<form enctype="multipart/form-data" method="post" action="'echo $_SERVER['PHP_SELF']'">';

Try this instead:

 echo'<form enctype="multipart/form-data" method="post" action="'.$_SERVER['PHP_SELF'].'">';

edited Apr 15 '14 at 04:35

answered Apr 15 '14 at 04:26

JBC

112
5

I didn't think of that with the echos, and i've tried removing the function. – user3534341 Apr 15 '14 at 04:47

score 0 · Answer 2 · answered Apr 15 '14 at 13:09

0

I had to change the action in the form to acp.php?action=vc

answered Apr 15 '14 at 13:09

user3534341

9
3

I'm not sure it's reliable to include both GET and POST data in the same server request. At the very least, it's potentially confusing and bad practice -- you could conceivably use the same variable name in both GET and POST data, opening the question of which value should be considered correct. Use `` instead. – Blazemonger Apr 15 '14 at 14:43

PHP Script returning page blank

2 Answers2