
For some reason, when I click the login button for my form, it redirects to the PHP page and then gives me HTTP Error 500. I'm new to PHP and I'm not really sure what I'm doing wrong.

Here's what's in my HTML file, without a lot of CSS:

```html
<body style="background-color: #ff0000">
    <div class="form">
        <form action="login.php" method="POST">
                <input id="w" type="text" name="Username" placeholder="Username">
                <input id="w" type="password" name="Password" placeholder="Password">
                <input id="s" type="submit" value="Submit"> <!--Do login checking stuff here, then go to staff homepage --->
        </form>
        <form action="index.html" style="margin: 0">
            <input id="s" type="submit" value="Go Back">
        </form>
    </div>
</body>
```

And here's my PHP file:

```php
<?php
$username = $_POST['username'];
$password = $_POST['password'];

$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$conn = mysql_connect("localhost", "root", "");
$db = mysql_select_db($conn, "id1394453_users");

$result = mysql_query("SELECT * FROM Users WHERE username = '$username' AND password = '$password'")
    or die("Failed to query database".mysql_error());

$row = mysql_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password) {
    echo "Login Success!".$row['username'];
} else {
    echo "Failed to Login!"
}

?>
```

  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 17 '17 at 21:40
  • Stop using the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). – Alex Howansky Apr 17 '17 at 21:40
  • Never store plain text passwords. You should use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php) instead. – Alex Howansky Apr 17 '17 at 21:40
  • You need to terminate the `echo "Failed to Login!"` line with `;` at the end. Error-reporting and checking your logs, then a quick Google search if you don't understand the error would've helped you much faster. And please, take careful note of the comments above - *they are very important*. – Qirel Apr 17 '17 at 21:40
  • @Qirel Don't worry. I'm taking in all I can. – thebootsie123 Apr 17 '17 at 21:41
  • Also, thanks for the feedback. Looks like I got a little work to do. – thebootsie123 Apr 17 '17 at 21:42
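
An added example, not part of the original question or its comments: one way `login.php` could look with the comments' advice applied (PDO prepared statement with a bound parameter, `password_verify()`, errors sent to the log). It assumes a hypothetical `password_hash` column in `Users` that was filled with `password_hash($password, PASSWORD_DEFAULT)` at registration; the host, credentials, database and table names are the ones from the question.

```php
<?php
declare(strict_types=1);

// Log errors instead of showing them; the log then explains any HTTP 500.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// $_POST keys are case-sensitive: the form uses name="Username" / name="Password".
$username = $_POST['Username'] ?? '';
$password = $_POST['Password'] ?? '';
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    http_response_code(400);
    exit('Missing username or password.');
}

// Connection values are taken from the question; exceptions replace "or die(...)".
$pdo = new PDO(
    'mysql:host=localhost;dbname=id1394453_users;charset=utf8mb4',
    'root',
    '',
    [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]
);

// The user-supplied value is sent as a bound parameter, never concatenated
// into the SQL text. password_hash is an assumed column name.
$stmt = $pdo->prepare('SELECT username, password_hash FROM Users WHERE username = :username LIMIT 1');
$stmt->execute([':username' => $username]);
$row = $stmt->fetch();

// The password is never part of the query; it is checked against the stored hash.
// Both failure cases give the same response so usernames cannot be enumerated.
if ($row !== false && password_verify($password, $row['password_hash'])) {
    session_start();
    session_regenerate_id(true); // new session id after authentication
    $_SESSION['username'] = $row['username'];
    echo 'Login Success! ' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
} else {
    http_response_code(401);
    echo 'Failed to Login!';
}
```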
