
Internal Server Error on php submit with MySQL commands

Question:

I get an internal server error with the following code... any suggestions:

<form name="user" action="this.php" method="post"> <input type="text" name="description" id="description" value="" /> <input type="submit" name="" id="" value="Edit Page" /> </form>

There is no other code on the page, and it self submits fine UNLESS I place a MySQL query inside the text field, such as SELECT s FROM d WHERE 1=1

Then I get the following error:

<blockquote>

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@test.info and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

</blockquote>

I do have some .htaccess rules going on, but I don't know how that would affect a query that doesn't do anything or go anywhere...

Answer1:

Seems to be a rule of the evil <strong>mod_security</strong>. Are you on shared hosting? Generally you can disable the whole module or specific rules via the <em>.htaccess</em> file.

Answer2:

The first place to look is your webserver log files.

The second place to look is <a href="https://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php" rel="nofollow">How can I prevent SQL injection in PHP?</a> as I'd guess you are just stuffing whatever the user hands you into the SQL server without any sanitizing.
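Answer1 and Answer2 together suggest checking the web server error log for a mod_security denial. The following is an added example, not part of any answer above: a Python sketch that pulls the rule id, message and matched request variable out of ModSecurity entries. The log lines, rule id, file paths and addresses are constructed, and `modsec_denials` is a hypothetical helper name.

```python
import re

# Constructed sample in Apache 2.2 error-log style. The ModSecurity entry uses
# the module's [key "value"] tag layout; rule id, paths and IPs are made up.
SAMPLE_LOG = r'''
[Tue Mar 05 10:14:02 2013] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Tue Mar 05 10:15:40 2013] [error] [client 192.0.2.10] ModSecurity: Access denied with code 500 (phase 2). Pattern match "select.+from" at ARGS:description. [file "/etc/modsecurity/rules.conf"] [line "42"] [id "100001"] [msg "SQL keyword in request \"body\""] [severity "CRITICAL"] [hostname "test.info"] [uri "/this.php"] [unique_id "CONSTRUCTED0001"]
[Tue Mar 05 10:15:40 2013] [error] [client 192.0.2.10] File does not exist: /var/www/500.shtml
'''

# A denial line: client address, HTTP status, then the free-text detail.
DENY = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: '
                  r'Access denied with code (?P<status>\d{3})[^.]*\. (?P<detail>.*)')
# [key "value"] tags; values may contain backslash-escaped quotes.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# The inspected variable, e.g. "at ARGS:description."
TARGET = re.compile(r' at ([A-Z_]+(?::[^\s.]+)?)\.')


def modsec_denials(log_text):
    """Return one dict per ModSecurity denial found in an Apache error log."""
    hits = []
    for line in log_text.splitlines():
        m = DENY.search(line)
        if not m:
            continue  # ordinary error-log line, not a WAF denial
        detail = m.group('detail')
        tags = {k: v.replace('\\"', '"') for k, v in TAG.findall(detail)}
        target = TARGET.search(detail)
        hits.append({
            'client': m.group('client'),
            'status': int(m.group('status')),
            'rule_id': tags.get('id'),
            'msg': tags.get('msg'),
            'uri': tags.get('uri'),
            'matched': target.group(1) if target else None,
        })
    return hits


if __name__ == '__main__':
    for hit in modsec_denials(SAMPLE_LOG):
        print(hit)
```

Knowing the rule id and the matched parameter makes it possible to request or configure an exception for that one rule instead of turning the whole module off.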

Answer3:

Before executing, dump the content of $_POST:

var_dump($_POST);

In a development environment, it's good to enable error display:

ini_set('display_errors', '1');

Or in php.ini:

display_errors = On

Answer4:

With the limited information provided, what it sounds like is that you are sending a malformed sql query somehow, and you aren't catching the error returned by the mysql server. You need to look at what you are sending, and handle mysql errors.
