执行PHP脚本时如何修复服务器错误500？

Question

I am trying to insert into a database through PHP. However, when I connect to the PHP file I get server 500 error. Would anyone be able to spot what I am doing wrong?

<?php

    include 'db-security.php';
    function db_login() 
    {
        $userName = filter_input(INPUT_POST, "userName");  
        $password = filter_input(INPUT_POST, "password");

       //binding the variable to sql.
       $statement = $link->prepare("INSERT INTO user(username, password)        
       VALUES($userName, $password)");

       //execute the sql statement.
       $statement->execute();
}
db_login();
?>

Updated:

I have discovered the error occurs when i add filer_input or $_post to the php.

<?php

include 'db-security.php';
function db_login() {
        global $conn;
        // use my eaxmple to filter input to get the data out of the form, because security.
        //$userName = filter_input(INPUT_POST, "userName");  
        $userName = $_POST['userName'];
        $password = $_POST['password'];
        //$password = filter_input(INPUT_POST, "password"); 

    //binding the variable to sql.

    $stmt = $conn->prepare("INSERT INTO user(username, password)VALUES(:usrname, :pswd)");
    $stmt->bindParam(':pswd', $password);
    $stmt->bindParam(':usrname', $userName);
    $stmt->execute();
    //execute the sql statement.
}
db_login();
?>

db-security.php

<?php

include_once 'conf.php';
function db_connect() {
 // Define connection as a static variable, to avoid connecting more than once 
    static $conn;

    // Try and connect to the database, if a connection has not been established yet
    if(!isset($conn)) {
         // Load configuration as an array. Use the actual location of your configuration file  
try 
      {
          $conn = new PDO("mysql:host=localhost;port=3307;dbname=database", DB_USERNAME,DB_PASSWORD);
              // stores the outcome of the connection into a class variable
          $db_msg = 'Connected to database';
      }
      catch(PDOException $e)
      {
          $conn = -1;
          $db_msg = $e->getMessage();
      }

//$conn = new PDO(DB_HOST,DB_USERNAME,DB_PASSWORD , MAIN_DB);



    }
}
db_connect();
?>

Answer 1

So you need to bind your parameters after prepare statement

$stmt = $link->prepare("INSERT INTO user(username, password)VALUES(:usrname, :pswd)");
$stmt->bindParam(':pswd', $password);
$stmt->bindParam(':usrname', $userName);
$stmt->execute();

Answer 2

Where is $link defined? In 'db-security.php'? If yes then you have a variable scope problem. Just pass $link in the function call. This would have to be done for all functions.

define function as = function db_login($link)
call function like = db_login($link);

EDIT:

Don't use a function for 'db-security.php' it should be like this:

<?php
$conn = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
?>

This is not complete code, just a sample. Now $conn is in the global variable scope and using global in the functions will work. Or just pass $conn to the function and not use global at all.

EDIT2:

Below are the working sample scripts. You need to change some information to match your setup. I'm not sure why the function is called db_login() since the function actually adds the user/password into the 'user' table.

conf.php

<?php
define('DB_USERNAME', 'test');
define('DB_PASSWORD', '123456');
?>

db-security.php

<?php
include_once 'conf.php';

try
{
 $conn = new pdo("mysql:host=localhost; dbname=test; charset=utf8", DB_USERNAME, DB_PASSWORD);
 $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
 $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}
catch(PDOException $e)
{
 die('Unable to connect to database!');
}
?>

main script

<?php
include 'db-security.php';

function db_login()
{
 global $conn;
 $userName = $_POST['userName'];
 $password = $_POST['password'];
 $stmt = $conn->prepare("INSERT INTO user(username, password) VALUES(:usrname, :pswd)");
 $stmt->bindParam(':usrname', $userName);
 $stmt->bindParam(':pswd', $password);
 $stmt->execute();
}
db_login();
?>

Answer 3

I have been looking at your code and I would advice you to try a different approach. I've been wrapping my head around this subject for a while when learning PHP. Best advice i've had is that you can best try when fetching information from the DB is using a try/catch statement everytime. Sounds annoying or problematic but it easy to overlook and well written maintained code because you know every try catch block will execute or catch the error atleast.

With PDO being one of the best solutions because it can connect with multiple databases the best way to execute getting information from the Database is this:*

I am gonna give you my example of something i wrote. I don't want to write it all out in your situation because i feel that's something you can better do to learn what went wrong and i hope this gives you a step in the right direction.

database.php

$serverName = "";
$dbName = "";
$userName = "";
$password = "";

try {

        $db = new PDO("mysql:host=$serverName;dbname=$dbName", $userName, $password);
        // Set the PDO error mode to exception
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec("SET NAMES 'utf8'");

    }
    catch(PDOException $e){

        echo"Connection failed: " . $e->getMessage();
        exit;
    }

?>

index.php Executing a simple commmand get firstName from employers

<?php 
require_once 'database.php';

try 
{ 
    $sQuery = " 
        SELECT 
            firstName 
        FROM 
            employees 
    "; 

    $oStmt = $db->prepare($sQuery); 
    $oStmt->execute(); 

    while($aRow = $oStmt->fetch(PDO::FETCH_ASSOC)) 
    { 
        echo $aRow['firstName'].'<br />'; 
    } 
} 
catch(PDOException $e) 
{ 
    $sMsg = '<p> 
            Regelnummer: '.$e->getLine().'<br /> 
            Bestand: '.$e->getFile().'<br /> 
            Foutmelding: '.$e->getMessage().' 
        </p>'; 

    trigger_error($sMsg); 
} 



?>

Good luck and i hope my index.php is helpful in showing you how I find is the best way momentarily to talk to the database.