[英]Why am I getting a HTTP 500 error?
I've just finished off this form and I'm trying to get it to work but the server throws a 500 error at me.我刚刚完成了这个表格,我正试图让它工作,但服务器向我抛出了一个 500 错误。 I don't have access to the server logs and I've looked on here.
我无权访问服务器日志,我在这里查看过。
I've checked for smart quotes and replaced the ones I could find.我检查了智能报价并替换了我能找到的报价。 I've uploaded it again and I can't work out why it's still throwing this at me.
我再次上传了它,但我不明白为什么它仍然向我抛出这个。
<?php
$host = "localhost";
$user = "username";
$password = "password";
$dbname = "database";
$conn = mysqli_connect($host, $user, $password, $dbname);
if(!$conn){
die("Connection failed: " . mysqli_connect_error());
} ?>
<?php
$studentID = intval($_POST['studentID']);
$fname = $_POST['fname'];
$fname = mysql_real_escape_string($fname);
$lname = $_POST['lname'];
$lname = mysql_real_escape_string($lname);
if($studentID != "")
{
if(($fname != "") && ($lname != "")) {
$sql = "SELECT * FROM Student WHERE StudentID = $studentID AND FirstName = $fname AND LastName = $lname";
}
else if ($fname != "") {
$sql = "SELECT * FROM Student WHERE StudentID = $studentID AND FirstName = $fname";
}
else if ($lname != "") {
$sql = "SELECT * FROM Student WHERE StudentID = $studentID AND LastName = $lname";
}
else {
$sql = "SELECT * FROM Student WHERE StudentID = $studentID";
}
}
else if($fname != "")
{
if($lname != ""){
$sql = "SELECT * FROM Student WHERE FirstName = $fname AND LastName = $lname";
}
else {
$sql = "SELECT * FROM Student WHERE FirstName = $fname";
}
}
else if($lname != "")
{
$sql = "SELECT * FROM Student WHERE LastName = $lname";
}
else {
echo "<p>There is no query to submit</p>";
}
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result) > 0){
echo "<table><tr><th>Student ID</th><th>First Name</th><th>Last Name</th><th>Unit 1</th><th>Unit 2</th><th>Unit 3</th><th>Unit 4</th></tr>";
while($row = mysqli_fetch_assoc($result)){
echo "<tr><td>" .$row["StudentID"]. "</td><td>" .$row["FirstName"]. "</td><td>" .$row["LastName"]. "</td><td>" .$row["Unit1"]. "</td><td>" .$row["Unit2"]. "</td><td>" .$row["Unit3"]. "</td><td>" .$row["Unit4"]. "</td></tr>";
}
echo "</table>"
}
else {
echo "There are no results for your query.";
}
mysqli_close($conn);
?>
I've checked my console and everything to see if anything will show up there but I'm drawing a blank.我检查了我的控制台和所有东西,看看那里是否会出现任何东西,但我画的是一张空白。 Any help would be appreciated.
任何帮助,将不胜感激。
First of all you need to add php error_reporting()
this will help you to find errors and warnings, but only for development environment not for production.首先,您需要添加 php
error_reporting()
这将帮助您查找错误和警告,但仅适用于开发环境,不适用于生产环境。
Second , very important, you need to use quotes around string values in your SQL Statements like:其次,非常重要的是,您需要在 SQL 语句中的字符串值周围使用引号,例如:
$sql = "SELECT * FROM Student WHERE StudentID = $studentID AND FirstName = '$fname' AND LastName = '$lname'"; // same for other queries
Third , why are you mixing mysqli_*
and mysql_*
together?第三,你为什么将
mysqli_*
和mysql_*
混合在一起? you need to use mysqli_real_escape_string()
function here and you are using mysql_real_escape_string()
.您需要在此处使用
mysqli_real_escape_string()
函数,并且您正在使用mysql_real_escape_string()
。
Fourth , Your code is still open for SQL Injection, you must need to prevent with SQL Attack, you can use prepared statements for this.第四,你的代码仍然对SQL Injection开放,你必须要防止SQL Attack,你可以为此使用prepared statements。
Five: i hope this is the typo error here echo "</table>"
missing semicolon here.五:我希望这是这里的拼写错误
echo "</table>"
在这里缺少分号。
Side Note:边注:
Very Special point : note that mysql_*
is deprecated and closed in PHP 7.非常特别的一点:请注意
mysql_*
在 PHP 7 中已弃用并关闭。
You are mixing mysqli_
with the deprecated/removed mysql_
extension.您正在将
mysqli_
与已弃用/删除的mysql_
扩展混合使用。 You should use mysqli_real_escape_string
, or even better using bind variables.您应该使用
mysqli_real_escape_string
,甚至更好地使用绑定变量。 And as others have told if not using bind variables you have to be careful with quoting strings when creating a query正如其他人所说,如果不使用绑定变量,则在创建查询时必须小心引用字符串
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.