Error 500 Using Mysql In Php

Question

Could someone please explain to me what is wrong with my code? When I try to visit the page it just gives me a HTTP Error 500. Here's the code.

<?php
$conn = new mysqli("localhost","user","pass","db");
if(!empty($_GET['Info']))
{
    $Info = $_GET['Info'];
    $sql = "SELECT * FROM `Judges` WHERE `id` EQUALS $Info";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) 
    {
        while($rows = $result->fetch_assoc()) 
        {
            $PictureFile = Null
            if(empty($rows["PictureFile"]))
            {
                $PictureFile = "MissingPicture.png";
            }
            else
            {
                $PictureFile = $rows["PictureFile"];
            }
            echo '<div><img src="' . $PictureFile . '" style="width=100px;height=100px;"> <p>This Is Just A Test Message!</p></div>';
        }
    } 
    else 
    {
        echo "<p style='text-align: center;'>Your Search Came Back With 0 Results :(</p>";
    }
}
$conn->close();
?>

You have to check your webserver-log. The 500-error could be caused by too many reasons. — Oliver, May 26 '17 at 14:07
$sql = "SELECT * FROM `Judges` WHERE `id` EQUALS $Info"; should equals be =? — Kimberlee Ho, May 26 '17 at 14:08
Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — Alex Howansky, May 26 '17 at 14:22
@AlexHowansky Thank you so much, I hate that sql injection is a thing. — wesleyd1124, May 26 '17 at 14:25

score 0 · Answer 1 · edited May 26 '17 at 16:41

0

Add ; at the end of $PictureFile = Null

edited May 26 '17 at 16:41

Shawn Mehan

4,513
9
31
51

answered May 26 '17 at 14:10

Jerry U

618
9
22

score 0 · Accepted Answer · answered May 26 '17 at 14:11

0

You forgot a ; after this command line

$PictureFile = Null

I couldn't test the script but it must solve your problem.

answered May 26 '17 at 14:11

mehfatitem

147
1
12

No don't act like this. Such things happen. :) – mehfatitem May 26 '17 at 14:15

score 0 · Answer 3 · answered May 26 '17 at 14:11

change EQUALS to = and add ; after $PictureFile = Null

    <?php
$conn = new mysqli("localhost","user","pass","db");
if(!empty($_GET['Info']))
{
    $Info = $_GET['Info'];
    $sql = "SELECT * FROM `Judges` WHERE `id`= $Info";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) 
    {
        while($rows = $result->fetch_assoc()) 
        {
            $PictureFile = Null;
            if(empty($rows["PictureFile"]))
            {
                $PictureFile = "MissingPicture.png";
            }
            else
            {
                $PictureFile = $rows["PictureFile"];
            }
            echo '<div><img src="' . $PictureFile . '" style="width=100px;height=100px;"> <p>This Is Just A Test Message!</p></div>';
        }
    } 
    else 
    {
        echo "<p style='text-align: center;'>Your Search Came Back With 0 Results :(</p>";
    }
}
$conn->close();
?>

Error 500 Using Mysql In Php

3 Answers3