0

Not sure whats going on, this is my first time ever using prepared statements, trying to harden my source code. Getting an internal 500 error when calling the save.php file via ajax. Can anyone gut check my code and tell me if there are errors? No errors come out of the code except for a 500 error in the console, PHP INI errors are empty and no MYSQLI errors either.

Note: I have already enabled logging and errors and both return empty

ini_set('display_startup_errors', 1);
ini_set('display_errors', 1);
error_reporting(E_ALL);

include '../../admin/app/config.php';

if(count($_POST)>0){
    if($_POST['type']==1){
    
        $sql = "INSERT INTO `users`(`client_id`,`first_name`,`last_name`,`email`,`role`) 
        VALUES (?,?,?,?,?)";
        
        if ($stmt = mysqli_prepare($link, $sql)) {
        
            $client_id=$_POST['client_id'];
            $first_name=$_POST['first_name'];
            $last_name=$_POST['last_name'];
            $email=$_POST['email'];
            $role=$_POST['role'];
            mysqli_stmt_bind_param($stmt, "sssss", $client_id,$first_name,$last_name,$email,$role);
            
            
            mysqli_stmt_execute($stmt);
            echo json_encode(array("statusCode"=>200));
            
            
        } 
        else {
            mysqli_error($link);
        }
        // Close statement
        mysqli_stmt_close($stmt);
 
        // Close connection
        mysqli_close($link);

    }
}

Just looking for a nudge in the right direction or if I am missing something like perhaps I need to enable prepared statements in PHP.INI? Not sure, again first time with prepared statements. save.php is permissioned and chmod'd correctly, works fine in normal non prepared statement mode which makes me think its a server issue but not sure where to start looking there.

Jon Brown
  • 1
  • 1
  • 1
    Enable error reporting to get errors. – user3783243 Oct 17 '22 at 14:54
  • You're looking into completely wrong direction. There is no such thing in programming as "a gut check" or "a nudge" from a stranger. The error can be anything. Caused by a thousand different problems. For example, a database error. You can post your entire code but it won't make anywhere closer. You need to ask your own system, for the exact reason. But not strangers to look at the code. – Your Common Sense Oct 17 '22 at 15:48
  • @YourCommonSense I hear you, and I agree, I just want someone to tell me if my code at the very least is correct and if so, that helps me rule out that as a possible avenue. If its not then LMK I have never written a MYSQLI prepared statement before. I will keep working on trying to get this to log an error at some level, thx for your response. – Jon Brown Oct 17 '22 at 15:53
  • I would remove all those mysqli related if's and close's because they are completely useless. but they shouldn't cause the error either. Still you need the actual error message. Are you checking the actual output in the developer's console? Did you try to call this ajax URL directly in the browser? What does it show? – Your Common Sense Oct 17 '22 at 16:19
  • You may check the connection code that must be like [this](https://phpdelusions.net/mysqli#prepare) just in order to make sure that all mysqli-related errors will reveal themselves – Your Common Sense Oct 17 '22 at 16:20
  • @YourCommonSense, FYI love love love the name ;) thx for that. I am going to try to add mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); before the connect tonight to see if that flushes out any additional error messages. – Jon Brown Oct 17 '22 at 16:40
  • I see my question was automatically closed. @YourCommonSense after adding in mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); this line, it all started working automatically and the 500 error went away. I never got any errors in any of the server files nor output to the console or screen etc.. but simply having that line made it all "work" as your link suggested, so thank you for your help. – Jon Brown Oct 17 '22 at 21:33

0 Answers0