-1

I'm trying to create a simple web page that will allow students to sign out for the day using just their school username.

I have written some code to take the user's input from the HTML form called "Username" and connect to a database containing all the students' usernames. It will then find the student's details within the database and sign them out.

So far all the client-side code works, but as soon as the PHP tries to connect to the database, everything stops running and no error codes appear apart from the occasional HTTP 500 Error depending on which part of the code I isolate?

```php
<html>
<head>
<?php include 'head.php'; ?>
</head>
<body>

<form method="post" action="/index.php" class="login_form">
    <input type="text" name="Username" placeholder="School Username">
    <input type="submit" value="Sign Out">
</form>

<?php
    session_start();

    // These details are used for logging in
    $sql_servername = "localhost";
    $sql_username = "root";
    $sql_password = "NotaRealPassword";
    $sql_database = "student_info";

    $username = $_POST['Username'];

    echo "Test 1";
    // Create connection
    $con = mysqli_connect($sql_servername, $sql_username, $sql_password, $sql_database);
    echo "Test 2";
    // Check Connection
    if (!$con){
        die("Connection Failed: " . mysql_error());
    }
    echo "Connected To Database Sucessfully! ";
    echo "Test 3";
    //Perform Queries
    $result = mysql_query(con, "SELECT user_name, first_name, last_name FROM student_id WHERE user_name='" . $username  . "';");

    echo "Test 4";
    echo "Username: " . $username . "<br>";
    echo "Username: " . $UN . "<br>";
    echo "First Name: " . $FN . "<br>";
    echo "Last Name: " . $LN . "<br>";
    echo "Database Output: " . $result;

    //Close Connection
    mysqli_close($con);

?>
```
Jake
  • yup put the code which makes you think is causing the error – Exprator Jul 12 '17 at 12:26
  • You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of concatenating your queries. Especially since you're not escaping the user inputs at all! – Magnus Eriksson Jul 12 '17 at 12:28
  • Note that if your strings contain characters like `{}` you should probably put it in a single quoted string as php might expect a variable if you don't. And don't mix mysql and mysqli. – jeroen Jul 12 '17 at 12:30
  • Please add error_reporting(E_ALL) on top of the page inside PHP tag `` Which can easily help to identify error. – Shyam Shingadiya Jul 12 '17 at 12:30
  • A 500 error just means that something went wrong on the server side. Check your error log for the actual message, or better yet, enable "display_errors". Here's how: https://stackoverflow.com/questions/5438060/showing-all-errors-and-warnings – Magnus Eriksson Jul 12 '17 at 12:30
  • A 500 error means there was an error in the server-side code. Check the PHP logs, turn on error reporting. You need to find out what the actual error is before you can resolve it. Casual observations about your code... You're mixing `mysql_*` functions with `mysqli_*` functions, you can't do that. And your code is wide open to SQL injection, which means that SQL query could be *anything*. – David Jul 12 '17 at 12:31
  • is this 1 file? If so: put the php-part above the html part. You do not want to show the empty form while processing. On top of that: headers, like session_start() is, should come before any output. So this whole piece of html IS output and will lead to an error : headers-already-sent – Ivo P Jul 12 '17 at 12:34
  • you are using mysqli_connect to connect to database while using mysql to query and show error? use one – Exprator Jul 12 '17 at 12:34
  • in addition to replacing all the `mysql_` by `mysqli_` as suggested in an answer, you forgot a `$` in your variable here: `mysql_query(con, ` that should become `mysqli_query($con, ` – Kaddath Jul 12 '17 at 12:35
  • Please read the comments and try stuff instead of updating your question. – Magnus Eriksson Jul 12 '17 at 12:35
  • @dalelandry I think enough people have mentioned that by now. Please don't flood the comment section with identical suggestions. – Magnus Eriksson Jul 12 '17 at 12:39

2 Answers

2

You are mixing mysqli_* and mysql_*, don't think that makes sense. Also as mentioned in the comments, this is unsafe - it puts you at risk of SQL injection. Take a look at PDO.

The query you want to execute, needs the $con variable, yet you forgot to write the $. Which means you'd get an error.

```php
$result = mysql_query(con, "SELECT user_name, first_name, last_name FROM student_id WHERE user_name='" . $username  . "';");
```

Should be, but also should not be:

```php
$result = mysqli_query($con, "SELECT user_name, first_name, last_name FROM student_id WHERE user_name='" . $username  . "';");
```
Jeroen Bellemans
1

1) Your session_start() is in the wrong place.

2) You're mixing mysql_ with mysqli_ PHP functions. They are not compatible.

3) As referenced in comments you are referencing a variable but you've forgotten to add the $, so it's actually assumed to be a CONSTANT (which is undefined).

4) You would have found all of these things out yourself if you'd used PHP Error reporting.

5) Your MySQL result ($result = mysql_query(...)) is not usable, it's an SQL result and not something PHP can naturally handle.

As a worst-case fix you want to be using $output = mysqli_fetch_array($result); or similar methods to turn the result into usable PHP variables. Even better if you read point 6 and employ Prepared Statements.

6) Your SQL code is unsafe and you should urgently look at using PHP Prepared Statements.


Please read suggestion 4 again, and now you've read it twice, read it a third time and checkout the link. This suggestion will save you hours of time, and will help you learn your craft, rather than asking Stack Overflow for answers. Cheers.

Martin
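
The points raised in the comments and both answers (session_start() before output, mysqli only, error reporting, fetching the row, and a prepared statement in place of the concatenated query) combined into one script, as an added example that is not part of either answer or the asker's code. The `signout_app` account, the `SIGNOUT_DB_PASS` environment variable, and the helper names `find_student` and `h` are hypothetical; the table and column names are the ones from the question.

```php
<?php
// Added example: runs before any HTML so session_start() can still send headers.
session_start();
error_reporting(E_ALL);
ini_set('display_errors', '0');   // log rather than display; '1' only while debugging locally
ini_set('log_errors', '1');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws on failure

/** Look up one student with a bound parameter; returns the row or null. */
function find_student(mysqli $con, string $username): ?array
{
    $stmt = $con->prepare(
        'SELECT user_name, first_name, last_name FROM student_id WHERE user_name = ?'
    );
    $stmt->bind_param('s', $username); // value travels separately from the SQL text
    $stmt->execute();
    $stmt->bind_result($un, $fn, $ln);
    $row = $stmt->fetch()
        ? ['user_name' => $un, 'first_name' => $fn, 'last_name' => $ln]
        : null;
    $stmt->close();
    return $row;
}

/** Escape a value for HTML output (NULL columns become an empty string). */
function h(?string $s): string
{
    return htmlspecialchars($s ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $raw = $_POST['Username'] ?? '';
    $username = is_string($raw) ? trim($raw) : ''; // reject array-valued input
    try {
        // Assumptions: 'signout_app' is a hypothetical low-privilege account replacing root,
        // and SIGNOUT_DB_PASS is a hypothetical environment variable holding its password.
        $con = new mysqli('localhost', 'signout_app', (string) getenv('SIGNOUT_DB_PASS'), 'student_info');
        $student = find_student($con, $username);
        $message = $student
            ? 'Found: ' . h($student['first_name']) . ' ' . h($student['last_name'])
            : 'Unknown username.';
        $con->close();
    } catch (mysqli_sql_exception $e) {
        error_log('student lookup failed: ' . $e->getMessage());
        $message = 'Database error, please try again later.';
    }
}
?>
<p><?= $message ?></p>
```

The form markup from the question would follow this block in the same file, so no output is produced before `session_start()`.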