[SOLVED] 500 Server Error When Sending Certain Post or Get Data.

[jjacquay712]

When I send any POST or GET data to Apache that has the string "http://" in it i get a 500 internal server error. Any reasons this might be happening?

 

 

              Thanks, John

[PFMaBiSmAd]

The 500 errors on php pages are usually caused by php errors that prevent the code from completing.

 

You would need to check your web server error log and/or post your code if you want someone to help determine what it might be doing that would cause such an error when data containing http:// is received.

[jjacquay712]

I was looking at the Apache logs and it doesnt say anything specific about the error.

 

Here is the code im using:

 

<?php
require("db_config.php");
session_start();

if ( $_SESSION['username'] ) {
$title = "Create Link";
require("includes/page_top.php");
if ( $_GET['page'] ) {
	if ( $_POST['Submit'] ) {
		if ( $_POST['title'] && $_POST['url'] ) {
			mysql_query("INSERT INTO `links` (`main` ,`title` ,`url`) VALUES ('{$_GET['page']}', '{$_POST['title']}', '{$_POST['url']}');");
			if ( $_GET['refer'] ) {
				echo '<h1>Link Created</h1><p><input type="button" value="Back" onClick="document.location=\'http://' . $_GET['refer'] . '\';"></p>';
			} else {
				echo '<h1>Link Created</h1><p><input type="button" value="Back" onClick="document.location=\'create_link.php\';"></p>';
			}
		} else {
			echo '<p style="color: red;">Please Fill Out All Fields</p>';
			include("includes/create_link_form.php");
		}
	} else {
		include("includes/create_link_form.php");
	}
} else {
	echo '<h1>Create Link</h1><br />';
	echo '<table><tr class="fieldname"><td>Name</td><td></td></tr>';
	$alter = "white";
	$query = mysql_query("SELECT * FROM pages WHERE owner = '{$_SESSION['username']}'");
	while ( $page = mysql_fetch_array($query) ) {
		if ($alter == "white") {
			echo '<tr class="' . $alter . '">';
			$alter = "black"; 
		} else {
			echo '<tr class="' . $alter . '">';
			$alter = "white";
		}
		echo '<td>' . $page['name'] . '</td><td><a href="create_link.php?page=' . $page['id'] . '" class="delete" title="Create Link"><img src="images/add.png" /></a></td></tr>';	  
	}
	echo '</table>';
}
require("includes/page_bottom.php");
} else {
header("location: index.php");
}
?>

 

It's basically a a form on my CMS that allows you to add a link to the page.

[PFMaBiSmAd]

Add the following two lines of code, for debugging purposes, immediately after the first opening <?php tag on the page -

ini_set("display_errors", "1");
error_reporting(E_ALL);

[jjacquay712]

I did that, and nothing has changed.

[PFMaBiSmAd]

Which exact variable is the one that ends up with the http:// in it and does the problem occur for any value with http:// or only for specific url's?

 

And, you need to use mysql_real_escape_string() on all external data that is put into a query.

[jjacquay712]

$_POST['url'] is the variable that has the http:// in it. I also have a sanitize function already in use in db_config.php that loops through each of the $_POST vars.

 

<?php
function sanitize($input) {
if ( is_array($input) ) {
	foreach ( $input as $title=>$data ) {
		$input[$title] = mysql_real_escape_string($data);
	}	
	return $input;
} else {
	return mysql_real_escape_string($input);	
}
}

$_POST = sanitize($_POST);
$_GET = sanitize($_GET);
?>

 

EDIT:

 

It occurs with any POST or GET data being sent.

[PFMaBiSmAd]

You have marked this as solved. So that others experiencing the same problem might be helped, what was causing the error?