Jump to content

Getting Error 500 on Web Server for PHP select query.


00stuff

Recommended Posts

I'm getting and Error 500 from my server. I'm not sure why... I think it might be my code. Can someone take a look please.

localhost is currently unable to handle this request.

HTTP ERROR 500

<?php
include("common/common.php");
include("../common/db_connector.php");

$email_sent = $_POST["inputEmail"];
$password_sent = md5($_POST["inputPassword"]);


// Check database for user credentials...
$sql = "SELECT * FROM users WHERE email = '$email_sent'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        //checks for true conditions if password and meail match database......
        if($email_sent == $row["email"] AND $password_sent == $row["password"]) {

			$_SESSION["username"] = $email_sent;
			echo "<script>window.location = 'dashboard/index.php';</script>";
		} else {
			echo "<script>alert('access denied'); window.location = 'index.php';</script>";
		}
    }
}
//////////////////////////////////////////////
?>
Link to comment
Share on other sites

Create a page - ie my_error_find.php and include the file you are testing to see if you can generate a useful error.

 

<?php

######### ERROR FINDING PAGE #########

 

ini_set('display_errors', 1);

ini_set('display_startup_errors', 1);

ini_set('error_reporting', E_ALL);

error_reporting(E_ALL);

error_reporting(-1);

 

include("Your_file_name.php"); // <<== PATH TO FILE WITH ERRORS

include("Your_file_name.php"); // <<== PATH TO FILE WITH ERRORS

 

 

?>

Link to comment
Share on other sites

Several problems with that code aside from the error you are getting.

 

1. Using user provided data directly in the query creating a risk of SQL injection. Should be using prepared statements.

 

2. Password is only hashed using MD5. This provides zero security. Use a proper password hashing process.

 

3. Isn't the email address unique for all users? If not, how would you know which user is logging in. If it is unique, then why is there a while() loop when running a query for records matching the email address?

 

while($row = $result->fetch_assoc()) {

 

4. Since the query is only returning record matching the email address, why is there a need to do another check on the email of the results?

 

if($email_sent == $row["email"] AND $password_sent == $row["password"]) {
Link to comment
Share on other sites

Create a page - ie my_error_find.php and include the file you are testing to see if you can generate a useful error.

 

<?php

######### ERROR FINDING PAGE #########

 

ini_set('display_errors', 1);

ini_set('display_startup_errors', 1);

ini_set('error_reporting', E_ALL);

error_reporting(E_ALL);

error_reporting(-1);

 

include("Your_file_name.php"); // <<== PATH TO FILE WITH ERRORS

include("Your_file_name.php"); // <<== PATH TO FILE WITH ERRORS

 

 

?>

 

Thanks for the advice. I created the error page and it showed me exactly what was wrong. It was a small typo on the include(file) line.

I fixed it and now it works fine.

 

Thanks.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.