PHP脚本中的HTTP 500错误
[英]HTTP 500 Error in PHP script
问题描述
i'm having an 500 error with my register.php file. 
我的register.php文件出现500错误。 I have no clue why... I tried some php validator website but they don't help me alot. 我不知道为什么...我尝试了一些php验证器网站,但它们对我没有帮助。 xd d
Here is the code: 这是代码:
register.php: register.php:
<?php
require('connect.php');
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$premium = "false";
$ip = $_SERVER['HTTP_X_FORWARDED_FOR']?: $_SERVER['HTTP_CLIENT_IP']?: $_SERVER['REMOTE_ADDR'];
$countrycodeget = json_decode(file_get_contents("https://ipinfo.io/{$ip}"));
$countrycode = $countrycodeget->country;
$active = "1"
$query = "INSERT INTO `user` (username, password, email, premium, ip, countrycode, active) VALUES ('$username', '$password', '$email', '$premium', '$ip', '$countrycode', '$active')";
$result = mysqli_query($connection, $query);
if ($result) {
$smsg = "Your account has been created.";
} else {
$fmsg ="An error occured, please try again later.";
}
}
?>
connect.php: connect.php:
<?php
$connection = mysqli_connect('localhost', 'xxxx', 'xxxx', 'xxxx');
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, 'test');
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
?>
3 个解决方案
解决方案1
4 已采纳 2017-03-12 15:44:07
You do have at least one syntax error here: 您的确有至少一个语法错误:
$active = "1"
There's no semicolon at the end of the line. 该行的末尾没有分号。
But next time, you should specify: 但是下次,您应该指定:
- the exact text of the 500 error you're getting (in this case it might have been "Syntax error at line..." which would have be an enormous help) 您得到的500错误的确切文本(在这种情况下,可能是“语法错误……”,这将是极大的帮助)
- the error in the php_error log, or in the Apache error log, if available php_error日志或Apache错误日志中的错误(如果有)
In a pinch, you can get your PHP file analyzed by the command line PHP without involving any validator site: 关键时刻,您可以通过命令行PHP分析您的PHP文件,而无需涉及任何验证程序站点:
php -l name/of/your/file.php
Debugging 调试
So you got: 所以你得到:
Warning: mysqli_connect(): (HY000/1044): Access denied for user 'admin'@'localhost' to database 'account' in /dir/account/connect.php on line 2
PHP Warning: mysqli_error() expects parameter 1 to be mysqli, boolean given in /dir/account/connect.php on line 4
The second warning is due to the fact that you passed $connection without checking it to be a valid resource. 第二个警告是由于您通过了$connection而不检查它是否为有效资源这一事实。 So: 所以:
$connection = mysqli_connect(...);
if (!is_resource($connection)) {
die("Connection error"); // And you cannot use $connection.
}
The first warning is from MySQL: 第一个警告来自MySQL:
Warning: mysqli_connect(): (HY000/1044): Access denied for user 'admin'@'localhost' to database 'account' in /dir/
Apparently the user admin has no access rights to the account database. 显然,用户管理员对帐户数据库没有访问权限。
You need an administrator account to log onto MySQL server, and when you're there: 您需要一个管理员帐户才能登录到MySQL服务器,并且在该位置:
GRANT ALL PRIVILEGES ON account.* TO 'admin'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
The first command grants access, and the second command makes it stick. 第一个命令授予访问权限,第二个命令使其保持不变。 Notice the 'localhost': that's where the server believes that your connection comes from. 注意“ localhost”:服务器认为您的连接来自哪里。
You strongly want to give the access host to the exact same host MySQL told you it saw you come from. 您强烈希望将访问主机分配给MySQL告诉您的相同来源的主机 。 Even if you believe that it makes no difference, it does (or it might do, and why risk?). 即使您认为它没有任何区别,它也会(或者可能会起作用,为什么会有风险?)。
On some systems, even if localhost is widely regarded as a synonym for (say) 127.0.0.1 , using the wrong one will make the connection fail (this is actually truer for MySQL, where localhost is not a synonym for 127.0.0.1; but it holds for other sites, where webserver.mydomain.net resolved to xyzk, and yet using xyzk would not work if MySQL server saw you come from webserver.mydomain.net). 在某些系统上, 即使localhost被广泛认为(例如)127.0.0.1的同义词 ,使用错误的连接也会使连接失败(对于MySQL来说更是如此,因为localhost不是127.0.0.1的同义词;但是它适用于其他站点,其中webserver.mydomain.net解析为xyzk,但是如果MySQL服务器看到您来自webserver.mydomain.net,则无法使用xyzk。)
Danger Will Robinson! 危险威尔·鲁滨逊!
You have a further problem in your code: you take two values from the user, do not check them, and insert them in your database . 您的代码中还有另一个问题:您从用户那里获取了两个值,不要检查它们, 然后将它们插入数据库中 。
Suppose then that I register me a "bobby" account with this password: 假设我用这个密码注册了一个“ bobby”帐户 :
LittleBobbyTables', (SELECT password FROM user WHERE username = 'admin'), '...',...) -- '
Your INSERT query becomes now: 您的INSERT查询现在变为:
INSERT INTO `user` (username, password, email, ...
VALUES ('bobby', 'LittleBobbyTables', (SELECT password FROM user WHERE username = 'admin'), '...',...) -- ', rest of the old code
The account is now created, its password is LittleBobbyTables, and its email is now the password of the admin user . 现在已创建该帐户,其密码为LittleBobbyTables,其电子邮件现在为admin用户的密码 。
Hashing the password is not a real solution (even if some people have claimed this), because I can run the same attack on the email field, or even the user field, and recover the hashed password which, if not salted, 95% of the times will allow me to find out what the admin password is. 散列密码不是一个真正的解决方案 (即使有人声称这样做),因为我可以对电子邮件字段甚至用户字段进行相同的攻击,并恢复散列的密码,如果不加盐,则有95%时间将允许我找出什么是管理员密码。 But more to the point, if you don't protect the login page, I'm willing to bet that all the other pages interfacing with the database will be open even wider (on some systems, I could lock out the administrator and gain access for myself by sending an information query from the "contact us" page). 但更重要的是,如果您不保护登录页面,那么我敢打赌,与数据库连接的所有其他页面将更加开放(在某些系统上,我可以锁定管理员并获得访问权限通过从“与我们联系”页面发送信息查询来为自己服务。
So you want to read this , this , and even this . 所以你想读这个 , 这个 ,甚至这个 。
解决方案2
1 2017-03-12 15:47:00
Update your register.php with the below code 使用以下代码更新您的register.php
<?php
require('connect.php');
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$premium = "false";
$ip = $_SERVER['HTTP_X_FORWARDED_FOR']?: $_SERVER['HTTP_CLIENT_IP']?: $_SERVER['REMOTE_ADDR'];
$countrycodeget = json_decode(file_get_contents("https://ipinfo.io/{$ip}"));
$countrycode = $countrycodeget->country;
$active = "1";
$query = "INSERT INTO `user` (username, password, email, premium, ip, countrycode, active) VALUES ('$username', '$password', '$email', '$premium', '$ip', '$countrycode', '$active')";
$result = mysqli_query($connection, $query);
if ($result) {
$smsg = "Votre compte à bien été créé.";
} else {
$fmsg ="Une erreur s'est produite, ré-essayer plus tard.";
}
}
?>
解决方案3
0 2017-03-12 15:44:13
This line is missing a ; 这行缺少一个; on the end: 最后:
$active = "1"
If not that, look at your Apache/http server logs for errors. 如果不是这样,请查看您的Apache / http服务器日志中是否有错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.