
I tried to make a login page for my project, but when I click on the Login button I get a message saying "This page isn’t working. website is currently unable to handle this request." (Chrome - HTTP ERROR 500). I carefully checked my login.php file, but I cannot seem to find where the problem is. This is the only file I have edited before the site crashed, so I am sure the problem is in my login.php file. Here's what's inside:

```php
<?php
session_start();
include("connect.php");
$user=$_REQUEST['user'];
$password=$_REQUEST['pass'];
$status=0;
$qa="select * from  Users where Username='"$user"' and 
Password='"$password"')";
$rss= mysqli_query($conim,$qa);
$status=  mysqli_num_rows($rss);
if ($status<1){
echo('<div style="padding:10px">Некоректни данни за вход!
<a href="../index.html">Обратно към сайта</a></div>');
exit;
}else{
header("Location: ../index.html");
exit;
}
```
  • Your `$qa` variable has invalid syntax. Your 'string' will read `select * from Users where Username='`, and then encounter `$user`, and crash. Consider using `.` to concatenate, or re-structuring your quotes. Also, please consider using [**prepared statements**](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) to avoid MySQL injection. – Obsidian Age Jul 09 '17 at 23:19
  • Have you tried enabling error reporting so PHP can tell you what's wrong? Plus: your code is WIDE open to SQL injections! Use prepared statements, or you WILL lose data. Also: **NEVER** store plain text passwords. Use `password_hash` and `password_verify`. – Franz Gleichmann Jul 09 '17 at 23:20
  • Is this a copy-paste error, or are your strings actually split over two lines? (Also, [please use prepared statements](https://stackoverflow.com/a/24989031/1270789)!) – Ken Y-N Jul 09 '17 at 23:20

1 Answer

Use `.` before and after `$user` and `$password`. You need to join the strings in the `$qa` variable.

kkica
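
The approach the comments recommend (a prepared statement plus `password_hash`/`password_verify`), as an added example that is not code from the question, the answer or the commenters. It assumes `connect.php` defines `$conim` as a mysqli connection, that the `Password` column stores `password_hash()` output, and that the form posts fields `user` and `pass`; `check_login` is a hypothetical helper name.

```php
<?php
// Added example, not the asker's code. Assumes connect.php defines $conim
// (a mysqli connection) and Users.Password stores password_hash() output.
session_start();
include("connect.php");

// Make mysqli failures throw so they reach the PHP error log.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function check_login(mysqli $db, string $user, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely,
    // so no quoting or concatenation is involved.
    $stmt = $db->prepare("SELECT Password FROM Users WHERE Username = ?");
    $stmt->bind_param("s", $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true = row, null = no row, false = error
    $stmt->close();

    // Compare against the stored hash; never compare plain text in SQL.
    return $found === true && password_verify($password, $hash);
}

// Assumption: the form submits with method="post" and fields user / pass.
$user     = $_POST['user'] ?? '';
$password = $_POST['pass'] ?? '';

if (!is_string($user) || !is_string($password)
    || !check_login($conim, $user, $password)) {
    echo '<div style="padding:10px">Invalid login details. '
       . '<a href="../index.html">Back to the site</a></div>';
    exit;
}

session_regenerate_id(true);   // fresh session ID after authentication
$_SESSION['user'] = $user;
header("Location: ../index.html");
exit;
```

Rows that currently hold plain-text passwords will not verify against this code until each stored value is replaced with the output of `password_hash()`.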