0

How I solve this error.

"This page isn’t working sample.com is currently unable to handle this request. HTTP ERROR 500

this is my file

<?php
$uname=$_GET['uname'];
$pwd=$_GET['pwd'];
$num=$_GET['num'];
$email=$_GET['email'];
$re_pwd=$_GET['re_pwd'];
echo $uname;
$conn=mysql_connect("localhost","test_prgram","test123","test_program");
if($conn==true)
{
    echo "connection successfully";
    $query=mysqli_query("insert into user values ( ".$uname.",".$num.",".$email.",".$pwd",".$re_pwd.")");
        mysqli_execute($query);
}
else
{
    echo "error";
}
$mysql_close();
?>
sai_z
  • 1
  • 1
    You use mysql_connect and then mysqli_ functions – Nigel Ren Oct 02 '19 at 10:26
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Oct 02 '19 at 10:47
  • **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Oct 02 '19 at 10:47

2 Answers2

1

You should escape string values in mysqli_query

replace insert into user values ( ".$uname.","....

with

insert into user values ( '".$uname."','"....

and so on

But, as mentioned in comment, you should use more appropriate method for query, called prepared statement https://www.tutorialrepublic.com/php-tutorial/php-mysql-prepared-statements.php

DuhVir
  • 447
  • 1
  • 4
  • 15
  • Let's not teach/propagate sloppy and dangerous coding practices. If you post an answer without prepared statements [you may want to consider this before posting](http://meta.stackoverflow.com/q/344703/). Additionally [a more valuable answer comes from showing the OP the right method](https://meta.stackoverflow.com/a/290789/1011527). – Jay Blanchard Oct 02 '19 at 10:47
  • 1
    @Jay Blanchard noted and edited. Thank you. I'm here new one – DuhVir Oct 02 '19 at 10:55
0

Possibly just the missing dot (.) in your concatenation between pwd and re_pwd

.$email.",".$pwd",".$re_pwd
greysaff
  • 198
  • 1
  • 9