为什么我收到HTTP 500错误?

时间:2016-10-14 09:07:07

标签: php mysql

我刚刚完成这个表单,我正试图让它工作,但服务器向我抛出500错误。我没有访问服务器日志,我在这里看了。

我已经检查过智能报价并替换了我能找到的报价。我已经上传了它,我无法理解为什么它仍然把它扔给我。

<?php
    $host = "localhost";
    $user = "username";
    $password = "password";
    $dbname = "database";
    $conn = mysqli_connect($host, $user, $password, $dbname);

    if(!$conn){
        die("Connection failed: " . mysqli_connect_error());
    } ?>

<?php

    $studentID = intval($_POST['studentID']);
    $fname = $_POST['fname'];
    $fname = mysql_real_escape_string($fname);
    $lname = $_POST['lname'];
    $lname = mysql_real_escape_string($lname);

    if($studentID != "")
    {
        if(($fname != "") && ($lname != "")) {
            $sql = "SELECT * FROM Student WHERE StudentID = $studentID AND FirstName = $fname AND LastName = $lname";
        }
        else if ($fname != "") {
            $sql = "SELECT * FROM Student WHERE StudentID = $studentID AND FirstName = $fname";
        }
        else if ($lname != "") {
            $sql = "SELECT * FROM Student WHERE StudentID = $studentID AND LastName = $lname";
        }
        else {
            $sql = "SELECT * FROM Student WHERE StudentID = $studentID";
        }
    }
    else if($fname != "")
    {
        if($lname != ""){
            $sql = "SELECT * FROM Student WHERE FirstName = $fname AND LastName = $lname";
        }
        else {
            $sql = "SELECT * FROM Student WHERE FirstName = $fname";
        }
    }
    else if($lname != "")
    {
        $sql = "SELECT * FROM Student WHERE LastName = $lname";
    }
    else {
        echo "<p>There is no query to submit</p>";
    }

    $result = mysqli_query($conn, $sql);

    if(mysqli_num_rows($result) > 0){
        echo "<table><tr><th>Student ID</th><th>First Name</th><th>Last Name</th><th>Unit 1</th><th>Unit 2</th><th>Unit 3</th><th>Unit 4</th></tr>";

        while($row = mysqli_fetch_assoc($result)){
            echo "<tr><td>" .$row["StudentID"]. "</td><td>" .$row["FirstName"]. "</td><td>" .$row["LastName"]. "</td><td>" .$row["Unit1"]. "</td><td>" .$row["Unit2"]. "</td><td>" .$row["Unit3"]. "</td><td>" .$row["Unit4"]. "</td></tr>";
        }

        echo "</table>"
    }
    else {
        echo "There are no results for your query.";
    }

    mysqli_close($conn);
 ?>

我已经检查了我的控制台和所有内容,看看是否会有任何显示,但我正在画一个空白。任何帮助将不胜感激。

2 个答案:

答案 0 :(得分:1)

首先你需要添加php error_reporting()这将有助于你找到错误和警告,但仅限于开发环境而非生产。

第二,非常重要的是,您需要在SQL语句中使用字符串值的引号,如:

$sql = "SELECT * FROM Student WHERE StudentID = $studentID AND FirstName = '$fname' AND LastName = '$lname'"; // same for other queries

第三次,为什么要将mysqli_*mysql_*混合在一起?您需要在此处使用mysqli_real_escape_string()功能,并且您正在使用mysql_real_escape_string()

第四,您的代码仍然为SQL注释打开,您必须使用SQL Attack来防止,您可以为此使用预准备语句。

五:我希望这是错误的错误echo "</table>"在这里丢失分号。

旁注:

非常特别的要点 :请注意,{7}中不推荐使用mysql_*

答案 1 :(得分:0)

您正在将mysqli_与已弃用/已移除的mysql_扩展名混合使用。您应该使用mysqli_real_escape_string,甚至更好地使用绑定变量。正如其他人所说的,如果不使用绑定变量,则在创建查询时必须小心引用字符串