0
<?php
include "config.php";
if(isset($_GET['id'])){
    $id=$_GET['id'];
    echo'$id';
    $stat=$db->prepare("select * from contents where cid='$id'");
    $stat->bindParam(1,$id);
    $stat->execute();
    $data=$stat->fetch();

    $file='files/'.$data['document'];
    if(file_exists($file)){
        header('Content description: '.$data['document']);
        header('Content-length'.filesize($file));
        readfile($file);
        exit;
    }
}
?>

This is a script to download files from a phpmyadmin database (named contents)which contains the columns docid,cid,document,notification. When i execute this script i get the following error message:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at postmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log

I'm a complete beginner to both stack overflow as well as programming, so please forgive me if there is any error in my code or in my formatting of the question

user3783243
  • 4,418
  • 5
  • 14
  • 34
Kevin
  • 67
  • 2
  • `Content description` isn't a valid HTTP header... – Lars Stegelitz Feb 27 '21 at 12:40
  • so what should i do to resolve this error? – Kevin Feb 27 '21 at 12:45
  • 3
    First thing: have a look into the webservers error logs, they should contain more information about the actual error (internal server error = http 500 -> always check log files) – Lars Stegelitz Feb 27 '21 at 12:46
  • There is no such thing as `phpmyadmin database`. PHPmyadmin is a UI for interacting with mysql database. – user3783243 Feb 27 '21 at 12:56
  • 2
    The issue likely actually is the incorrect prepared statement usage. You need to use a placeholder in the query. `select * from contents where cid=?` Also if you only need `document` change the `*` to that in the select list. – user3783243 Feb 27 '21 at 12:57
  • Remove the `echo'$id';` line. Calling `header()` after an `echo` will trigger a "headers already sent" warning. This should only be a warning though and not enough reason to trigger a 500 error. You should check your server logs or [enable error reporting temporarily](https://stackoverflow.com/q/1053424/1941241). – rickdenhaan Feb 27 '21 at 13:32

0 Answers0