Home/ Questions/Q 7616049
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T02:47:45+00:00

On form submit, I’m getting a blank page (insert.php) with no error and no

  • 0

On form submit, I’m getting a blank page (insert.php) with no error and no success message.

This is the form:

<form action="insert.php" method="post">
Firstname: <input type="text" name="first_name" id="first_name" />
Lastname: <input type="text" name="lastname" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>

This is the script:

mysql_select_db("my_db", $con);


$stmt = $db->prepare('INSERT INTO my_table (first_name) VALUES (:first_name)');

$stmt->execute(':first_name', $first_name);


if (!mysql_query($stmt,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need to create a PDO object to be able to use prepared statements. Instead you have opened a connection with mysql_connect(). The two do not mix, and PDO is preferred between them as it is more easily secured through the use of prepared statements (among other reasons).

    From the PDO docs:

    // This establishes your connection using PDO.
// The PDO connection object is $db

/* Connect to an ODBC database using driver invocation */
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

try {
    $db = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

    Pass an associative array to execute(), rather than a list of arguments representing your placeholders. The 

    // Now that the PDO object is successfully created, prepare your statement
$stmt = $db->prepare('INSERT INTO my_table (first_name) VALUES (:first_name)');

// Arg to execute() should be an associative array
$stmt->execute(array(':first_name' => $first_name));

    The following call to mysql_query() is unnecessary, as you have already executed the prepared statement with PDO.

    // Don't do this
// mysql_select_db("my_db", $con);

// Or this...
//if (!mysql_query($stmt,$con))
//{
//  die('Error: ' . mysql_error());
//}

// Or this...
// mysql_close($con)
    • 0