Why is this php code not working?

Question

Why is this php code not working?

<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/api_config.php');

error_reporting(E_ALL);
ini_set("display_errors", 1);
$loc = $_POST['u'];

//initialize the connection to the database
$config = $config['production'];
$con = mysql_connect($config['db']['host'], $config['db']['username'], $config['db']['password']) or die ("Unable to connect");
mysql_select_db ($config['db']['dbname'], $con) or die ("Unable to select database");
$query = "SELECT `location` FROM `active_users` WHERE name = '$loc'";
$result = mysql_query($query, $con) or die ("Unable to run query");

if (mysql_num_rows($result) > 0) { 
// yes, the user esists
    header("HTTP/1.0 200 Success"); 
    header('Content-Type: text/plain');
} else 
// no, user doesn't exist 
    header("HTTP/1.0 404 Not Found");
    header('Content-Type: text/plain');
} 
mysql_close($con);

?>

I get an error HTTP Error 500 (Internal Server Error):in my browser. What for?

+3

php

Yep Jun 18 '11 at 14:05

source share

2 answers

You also do not sanitize your inputs - you are running raw SQL, which is supposedly entered by the user. Turn this:

$query = "SELECT `location` FROM `active_users` WHERE name = '$loc'";

at

$query = "SELECT `location` FROM `active_users` WHERE name = '".mysql_real_escape_string($loc)."'";

+3

Christopher armstrong Jun 18 '11 at 14:14

source share

K6t · Accepted Answer · 2011-06-18T14:07:59+0000

You forgot to open else {.

Why is this php code not working?

More articles: