Server 500 error

#1

Hi I’m trying to set up a pretty basic form but I’ve been stuck with a server 500 error for some time now so should probably admit I’m out of my depth. I’ll try and include as much info as I can and thanks in advance for any advice.

So setting up PHP form connecting to mysql.

pretty standard connection code, I have Apache on one server and mysql on another hence setting the server as an IP address not localhost.

I’ve convinced myself that the 500 error is due to an authentication error connecting from the Apache server to the mysql server so I’ve set all the php files on the Apache server with chmod 777 and on the mysql server created ‘user’@’%’ and I have tried identified by the password I use to log in and the encrypted password from etc\shadow as wasn’t sure which it needed to authenticate but hasn’t worked with ether.

The install is xampp-linux-x64-7.2.3.0-installer-run

error

This page isn’t working

192.168.1.80 is currently unable to handle this request.

HTTP ERROR 500

<?php
	$dbserver = "10.0.2.15";
	$dbuser = "user";
	$dbpassword = "XXX";
	$dbdatabase = "website";

	$cn  = mysql_connect($dbserver , $dbuser, $dbpassword);
	
	if (!mysql_select_db($dbdatabase, $cn)) {
		echo "Sorry, could not connect to $dbdatabase";
		die();
	}

	if (!isset($_POST['submit'])) {
		header("Location: mysql-insert-form.php");
		die();
	}
	
	
	
	$name = htmlspecialchars(trim($_POST['name']));
	$age = $_POST['age'];
	$address = $_POST['address'];	
	$username = $_POST['username'];	
	$password = md5(htmlspecialchars(trim($_POST['password'])));
	$level = $_POST['level'];
	
	$name = mysql_real_escape_string($name);
	//$age = mysql_real_escape_string($age);
	$address = mysql_real_escape_string($address);
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);
	//$level = mysql_real_escape_string($level);

	$sql = "INSERT INTO users 
			(name, age, address, username, password, level) 
			VALUES 
	('$name', $age, '$address', '$username', '$password', $level)"; 

	if(!mysql_query($sql, $cn)) {
	
		print "Error - data not submitted";
		die();
	};

	header("Location: mysql-insert-form.php");


?>
#2

You are getting a fatal php runtime error because the very old and obsolete mysql_ extension has been removed from php. To see the actual error information, set php’s error_reporting to E_ALL and display_errors to ON, in the php.ini on your system.

The code needs to be updated to use the PDO extension, use prepared queries when supplying external/unknown values to the sql query statement, and use exceptions to handle errors. Also, htmlspecialchars() is an output function. It is used when you output values on a web page. It is not used on values being input into an sql query statement. Md5() was never an acceptable password hashing method. Use php’s password_hash() and password_verify().

2 Likes