Blank page php and maria DB

Elbarba · October 4, 2022, 8:31am

We have a simple booking system for a private non profit org.
Untill now it has been working just fine but now its just showing a blank page. Have tried to downgrade to PHP 7.4 but that did not fix, its on PHP 8.1 now.

If i remove the below code from the page it “kind of” works, its not showing blank page anymore but rather a few items. Can you see if there is anyting obvious in the code thats wrong?

<?php
$sqlCount = "SELECT count(yttre.id) as totalSlots FROM bastun_slots AS yttre WHERE yttre.id NOT IN (SELECT inre.slotid FROM bastun_bookings AS inre WHERE inre.bookingdate LIKE '".$_POST[txtDate]."') order by id asc";
$result2 = $conn->query($sqlCount);
if ($result2->num_rows > 0) {
    // output data of each row
    while($row = $result2->fetch_assoc()) {
        $totalSlots = $row["totalSlots"];
    }
} else {
    //echo "0 results";
}
?>

phdr · October 4, 2022, 10:00am

Blank php pages are usually caused by fatal runtime errors, though it could be due to code with bad logic that simply doesn’t output anything. Do you have php’s error_reporting set to E_ALL (it should always be this value) and temporarily set display_errors to ON, preferably both set in the php.ini on your system, so that php would help you by reporting and displaying all the errors it detects?

Next, you always need error handling for statements that can fail. For database statements that can fail - connection, query, prepare, and execute, the simplest way of adding error handling, without adding logic at each statement is to use exceptions for errors and in most cases let php catch and handle the exception, where php will use its error related settings (see the first paragraph above) to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) To enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

As to the posted code, there are some problems with it -

Do NOT put external, unknown, dynamic values directly into sql query statements, where any sql special characters in the value will break the sql query syntax, which is how sql injection is accomplished. Instead, use a prepared query. This would be a good time to switch the much simpler and more modern PDO database extension, since it is much easier to use, especially with prepared queries.
Php has finally removed the ridiculous assumption that undefined constants be treated as quoted strings. $_POST[txtDate] MUST be coded as $_POST['txtDate']. This would be producing a php error, with differing results, depending on php version.
A LIKE comparison, without a wild-card character, is in most cases the same as an = comparison. You should use an = comparison for exact matches.
A COUNT() query, without a GROUP BY term, will always produce a result set with one row in it. There’s no point in testing the number of rows for this type of query, just fetch and use the $row[“totalSlots”] value. Also, don’t use a loop to fetch data from a result set that you know contains only one row. Just directly fetch that row of data. There’s also no point in the ORDER BY term in this specific query.

Elbarba · October 4, 2022, 12:12pm

Thanks, realize that most of the code is wild west and we probably need to redo it.
However your feedback solved my problems.

So, thank you.