0

I'm still learning code. I'm in college and have entered everything like my professor to the tee. His code is running through to his DB, but mine is throwing a PHP 500 error.

I don't think that it is a code error, but I was hoping another set of eyes or someone with more experience code see an issue I'm not able to spot. I have tried changes to some of my variables and both the form and the PHP connection commands.

<head>
    <title>Post Your Content</title>
    <link rel="stylesheet" href="stylesheet.css" />
</head>

<body>
        <div class="header">
            <h1>Create Content for the Database!</h1>
            <p><i>If only the library of Alexandria was backed up to the cloud...</i></p>
        </div>

        <div class="topnav">
            <a href="homePage.php">Home Page</a>
            <a href="createContent.php">Create Content</a>
            <a href="#">Link</a>
            <a href="#" style="float:right">Link</a>
        </div>

        <form name="postcontent" method="post" action="InserttoDB.php"> 
            <p>Author:
            <input type="text" name="Author" id="Author"></p>
            <p>Title:
            <input type="text" name="Title" id="Title"></p>
            <p>Topics:
            <input type="text" name="Tags" id="Tags"></p>
            <p>Content:
            <input type="text" name="Content" id="Content"></p>
            <input type="submit">
        </form>

        <div class="footer">
            <h2>I made this for school!</h2>
        </div>
</body>

    <?php

//Catch information
//Render data
//Connect to database
//Insert data into database

$Author = htmlspecialchars($_POST['Author']); //grab value
echo "DEBUG - Author is" . $Author;
$Title = htmlspecialchars($_POST['Title']); //grab value
echo "DEBUG - Title is" . $Title;
$Tags = htmlspecialchars($_POST['Tags']); //grab value
echo "DEBUG - Tags are" . $Tags;
$Content = htmlspecialchars($_POST['Content']); //grab value
echo "DEBUG - Content is" . $Content;

//Database

$servername = "localhost:8889";
$username = "root";
$password = "root";
$dbname = "cms system";

$mysqli = new mysqli(
    $db_host,
    $db_user,
    $db_password,
    $db_db,
);


//create connection
$connection = new mysqli ($servername, $username, $password, $dbname);

//check connection
if($connection->connect_error) {
    die("Connection Failed: " . $connection->connect_error)
}

//INSERT INTO `content` (`PostID`, `Author:`, `Title:`, `Tags:`, `Content:`) VALUES ('test', 'test', 'test', 'test');

$sql = "INSERT INTO content(Author, Title, Tags, Content) VALUES ('$Author', '$Title', '$Tags', '$Content')";

//Run SQL

if(mysqli_query($connection, $sql)) {
    echo "New Post Created!";
}

//Error MSG

else {
    echo "Error: " . $sql . "" . mysqli_error($connection);
}

//Close DB Connection

$connection->close();    
?>

This is a screen shot of my database and the table for more information. Php is 7.4.1 and I am using MAMP. I am using visual studio to write. The browser is chrome.

php database screenshot

Dharman
  • 30,962
  • 25
  • 85
  • 135
UPSNinja
  • 9
  • 1
  • try turning on [error reporting](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) – Sumit Wadhwa Dec 21 '20 at 04:26
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Dec 21 '20 at 15:15
  • You have a typo here `die("Connection Failed: " . $connection->connect_error)` but please delete all of it and change your professor/course. You should never be learning to write code like that. – Dharman Dec 21 '20 at 15:17
  • Here is how you can enable error reporting to see the error for yourself. [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) You should also use proper IDE that will highlight the wrong line of code and point you to the error – Dharman Dec 21 '20 at 15:21

1 Answers1

2

Change that professor as soon as you can.

Change your db connection settings:

$servername = "localhost:8889";
$username = "root";
$password = "root";
$dbname = "cms system";

$mysqli = new mysqli(
    $db_host,
    $db_user,
    $db_password,
    $db_db,
);


//create connection
$connection = new mysqli ($servername, $username, $password, $dbname);

To :

$servername = '127.0.0.1'; 
$port = 3306; //Your port can be 3306 or 3307 or 3308
$username = 'root';
$password = 'root';
$dbname = 'test'; //no space between db name like yours 'cms system'
$charset = 'utf8mb4';

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $connection = new mysqli($servername , $username , $password , $dbname , $port);
    $connection ->set_charset($charset);
} catch (\mysqli_sql_exception $e) {
     throw new \mysqli_sql_exception($e->getMessage(), $e->getCode());
}
unset($servername , $dbname , $username , $password , $charset);

Check your database name shouldnt have spaces in between. 'cmssystem'