I have used "echo $query" to see whether it is getting a value or not, but it is not showing anything on the page. What is another way to see what value it is getting?
I use Aptana Studio 2.0 PDT but I am not able to set the breakpoints. Quite new to it.
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
$ulName = $_GET['ControlName'];
$query = $_GET['SqlQuery'];
echo $query;
mysql_connect('localhost:3306','pffsddsf','dfsdfsd');
mysql_select_db('publicdb');
$result=mysql_query("select * from electioncategorymaster");
?>
<ul id="<?php echo $ulName; ?>" name="<?php echo $ulName; ?>">
<?php while($row=mysql_fetch_array($result))
{ ?>
<li><?php echo $row[1]; ?></li>
<?php } ?>
</ul>
You may not be getting the parameters you expect, so start your script with
var_dump($_GET);
to see what your page is actually getting.
While I appreciate you are just learning, accepting parameters which are passed verbatim to the database server and to the client browser is a security no-no.
Take the $ulName variable - I could inject HTML of my choosing there, so why not constrain it to alphanumerics?
if (preg_match('/[^a-z0-9_]/i', $ulName))
    die("Invalid ControlName specified");
As for accepting SQL via a parameter, I really wouldn't do that unless you trust the user of your application completely....
?SqlQuery=DROP+DATABASE+publicdb
Scary right? Now how about if you combined both these flaws? I could craft a link which displayed your page, but embedded a form with hidden fields containing that query, along with a big button which said "click me for funny cat videos". Now I just need to send the link out there and wait for someone else to do my evil bidding :)
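A hardened variant of the question's script along the lines this answer suggests, as an added example that is not part of the original answer. The `QueryName` parameter, the `ALLOWED_QUERIES` map and the function names are assumptions, and constructed sample rows stand in for the database so the sketch runs offline.

```php
<?php
// Added example; QueryName, ALLOWED_QUERIES and the function names are hypothetical.

// Server-side allowlist: the client picks a key, never the SQL text itself.
const ALLOWED_QUERIES = [
    'categories' => 'SELECT * FROM electioncategorymaster',
];

function valid_control_name(string $name): bool
{
    // Anchored allowlist: letters, digits and underscore only, 1 to 64 characters.
    return preg_match('/\A[a-z0-9_]{1,64}\z/i', $name) === 1;
}

function resolve_query(string $key): ?string
{
    // Unknown keys (including raw SQL text) resolve to null.
    return ALLOWED_QUERIES[$key] ?? null;
}

function render_list(string $ulName, array $rows): string
{
    if (!valid_control_name($ulName)) {
        throw new InvalidArgumentException('Invalid ControlName specified');
    }
    // Encode on output even after validation, as defence in depth.
    $id = htmlspecialchars($ulName, ENT_QUOTES, 'UTF-8');
    $html = "<ul id=\"$id\" name=\"$id\">\n";
    foreach ($rows as $row) {
        // Database values are untrusted in an HTML context too.
        $html .= '  <li>' . htmlspecialchars((string)$row[1], ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample input standing in for $_GET and for the database rows.
$get  = ['ControlName' => 'categoryList', 'QueryName' => 'categories'];
$rows = [[1, 'General'], [2, 'Local <b>body</b>']];

$sql = resolve_query($get['QueryName'] ?? '');
if ($sql === null) {
    http_response_code(400);
    exit('Unknown QueryName');
}
echo render_list($get['ControlName'] ?? '', $rows);

// Markup in ControlName and SQL text in QueryName are both rejected.
var_dump(valid_control_name('list"><form>'));
var_dump(resolve_query('DROP DATABASE publicdb'));
```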
Try var_dump($query);
(will also report/show empty strings)
If your page is completely blank, a look into your Apache (or webserver of your choice) error logs could also be helpful.
try this:
var_dump($query);
exit;
and see what happens.
This may sound useless, but you should also copy in an 'example' URL that you are using.
PHP is case-sensitive (especially when it comes to array keys) so for one, I would check that the URL that you are calling is using the correct case when it comes to the GET parameters.
When this simple method fails to show any value the question naturally arises: "Is echo working or is there no value to display?"
I did something similar a while ago, but rather than use echo, I used
printf("[%s]", $query);
So I could see the empty [] when there was no value returned by $_GET
first: enable error logging and also log to a logfile.
error_reporting(E_ALL);
ini_set('display_errors','On');
you can try if your error logging is working by doing the following:
error_log("This Error should be displayed!", 0);
see more about error handling and logging on the php.net site: http://www.php.net/manual/en/book.errorfunc.php