How do I avoid an internal server error response code?

Question

I am in the process of developing a website for my church and have tried commenting out the php code and then the error goes away the code is needed to send the form to my server problem is I keep on getting http error 500

    <!DOCTYPE html>
<head>
</head>
<body>
<h1 align="center" class="heading">Welcome to church</h1><br>

<div align="center" class="about">
We are an ethiopian orthodox church which holds service evrey sunday
</div>

<div align="center" class="mapsapi">
<h3>Contact us</h3>
<form method="post" name="form" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<input type="text" name="firstname" placeholder="Firstname"><br>
<input type="email" name="email" placeholder="Email"><br>
<input type="submit">
<br>We are based in<br>
St Micheals Road, nw2 6xg
<br>
<br>
<iframe src="https://maps.google.com/maps?q=nw2%206xg&amp;t=&amp;z=13&amp;ie=UTF8&amp;iwloc=&amp;output=embed" id="gmap_canvas" scrolling="no" style="width: 600px; height: 400px;" frameborder="0"></iframe><a href="https://embedgooglemap.github.io" style="display:none;">map generator</a><br>
&nbsp;
</div>

<?php
if(isset($_POST["form"])) {
$form = $_POST["form"];
$fistname = $_POST["firstname"];
$email = $_POST["email"];
if ($formss == TRUE) {
$file = fopen("contactdetails", "a");
fwrite($file, $firstname);
fwrite($file, $email);
fclose($file);
header('Location: ' . $_SERVER['SCRIPT_NAME']);
?>

Please help

a 500 error can mean anything, but in this case it's probably because you don't end any of your IF blocks. You need a matching `}` at the end of each IF block. Proper code formatting would help you understand where they should be. — GrumpyCrouton, Jun 28 '23 at 20:59
`$fistname` is not the same as `$firstname`, unmatched parentheses, no sanity checking on POST variables, undeclared variable `$formss` — Professor Abronsius, Jun 28 '23 at 21:04
`$_SERVER["PHP_SELF"]` is not considered safe - to send to the same page simply omit the form action completely — Professor Abronsius, Jun 28 '23 at 21:05
`How do I avoid an internal server error`...by finding out what caused it, and fixing the bug. For local development, simply turn on PHP's on-screen error reporting. Also, in this particular case of what appears to be some syntax errors, use an IDE / Code editor (such as VS Code or similar) which supports PHP syntax, and can higlight such problems to you way before you get to the point of actually trying to run the code. — ADyson, Jun 28 '23 at 21:09
Regarding showing the error: [How can I get useful error messages in PHP?](https://stackoverflow.com/questions/845021/how-can-i-get-useful-error-messages-in-php) — ADyson, Jun 28 '23 at 21:09
Also, useful background reading in this case: [PHP parse/syntax errors; and how to solve them](https://stackoverflow.com/questions/18050071/php-parse-syntax-errors-and-how-to-solve-them). Also not a code issue, but another typo just in the text: `evrey` should be `every`. As a general rule, always double-check your work carefully. — ADyson, Jun 28 '23 at 21:09
calling `header` after outputting any content is liable to lead to errors `Warning: Cannot modify header information - headers already sent...` — Professor Abronsius, Jun 28 '23 at 21:09
@ProfessorAbronsius `$_SERVER["PHP_SELF"] is not considered safe`...true, for XSS, but I think that's been mitigated in this instance by wrapping it in htmlspecialchars(). Unless you think it's a danger in some other way too? Agree that it's basically redundant overall though. — ADyson, Jun 28 '23 at 21:11
@ADyson I think you are right that `htmlspecialchars` should have negated possible risks — Professor Abronsius, Jun 28 '23 at 21:19

How do I avoid an internal server error response code?

0 Answers0