tags:

views:

73

answers:

4
Q: 

Internal Server Error on php submit with MySQL commands

I get an internal server error with the following code... any suggestions:

<form name="user" action="this.php" method="post">
<input type="text" name="description" id="description" value="" />

<input type="submit" name="" id="" value="Edit Page"  />    
</form>

There is no other code on the page, and it self submits fine UNLESS I place a MySQL query inside the text field, such as SELECT s FROM d WHERE 1=1

Then I get the following error:

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I do have some .htaccess rules going on, but I don't know how that would effect a query that doesn't do anything or go anywhere...

A: 

The first place to look is your webserver log files.

The second place to look is http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php as I'd guess you are just stuffing whatever the user hands you into the SQL server without any sanitizing.

David Dorward  2009-12-30 23:23:45
I'm not submitting anything to the SQL server. That's the weird part. There's not even a connection to the SQL server in the script.
kylex  2009-12-31 05:53:54
A: 

With the limited information provided, what it sounds like is that you are sending a malformed sql query somehow, and you aren't catching the error returned by the mysql server. You need to look at what you are sending, and handle mysql errors.

Bill  2009-12-30 23:26:05
Nothing is going to a SQL server... at least not through the script. The code that I showed is all that is being sent. Nothing else exists in the script.
kylex  2009-12-31 05:49:08
A: 

Before execute, dump the content of $_POST[];

var_dump($_POST);

In development enviorment, it's good to enable error displaying:

display_errors(1);

Or in php.ini:

display_errors = On;
erenon  2009-12-30 23:26:22
+3  A: 

Seems to be rule of the evil mod_security. Are you on shared hosting? Generally you can disable all the module or specific rules via .htaccess file.

Y. Shoham  2009-12-30 23:28:21
You were right, it was a mod_security issue. Just had to whitelist the files being affected.
kylex  2009-12-31 15:05:14

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL