
I've created a simple User Verification when existing. When I run the code, I can't send it to the login.php and I've encountered this image.

```php
if (isset($_POST['addAccount'])) {
    $con = connection();

    $email = $_POST['email'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $checkIfExisting = mysqli_query($con, "SELECT * FROM `admin_table` Where `username` = '$username' or `email` = '$email'");
    
    if (!mysqli_num_rows($checkIfExisting) > 0) {
        $stmt = $con->prepare("INSERT INTO `admin_table` (`email`, `username`, `password`) VALUE('$email','$username','$password')");
        $stmt->execute();
        header("Location : login.php");
    } else {
        header("Location:register.php?alert=login_failed ");

        exit;
    }

    // $stmt = $con->prepare("INSERT INTO `admin_table` (`email`, `username`, `password`) VALUE('$email','$username','$password')");

    // header("Location: login.php");

    // $stmt->execute();
}
```

But when I return to the previous code, which is the commented-out part, and delete the checkExisting, it works.

I can successfully save the new account, but redirecting it to the login.php shows an internal error.

Zurcemozz
  • Take a look into prepared statements, never store plain text passwords – brombeer May 18 '22 at 04:59
  • Take a look at your servers error logs to see what might have caused the error – brombeer May 18 '22 at 04:59
  • @brombeer I can successfully add it to the database, everything is good, but the problem is when redirecting it to the login.php, it shows the internal error – Zurcemozz May 18 '22 at 04:59
  • header("Location : login.php"); Get rid of spaces in "Location :", need to be "Location: login.php" – Elvis Pimentel May 18 '22 at 05:02
  • @zurcemozz my pleasure. – Elvis Pimentel May 18 '22 at 05:23
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use prepared statements **and parameters** to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. It's almost pointless to use prepared statements if you don't also use parameters! – ADyson May 18 '22 at 08:22
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson May 18 '22 at 08:22
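
The points raised in the comments (bound parameters, hashed passwords, a well-formed `Location:` header) combined into one handler, as an added example that is not part of the original thread. It assumes the asker's `connection()` helper returns a `mysqli` object and that the `password` column is wide enough for a hash (e.g. `VARCHAR(255)`); `accountExists()` and `createAccount()` are hypothetical helper names.

```php
<?php
// Added example, not the asker's code. Assumes connection() (the asker's
// helper) returns a mysqli object and `password` can hold a 255-char hash.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper: true if the username or e-mail is already registered.
function accountExists(mysqli $con, string $username, string $email): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $con->prepare(
        "SELECT 1 FROM `admin_table` WHERE `username` = ? OR `email` = ? LIMIT 1"
    );
    $stmt->bind_param("ss", $username, $email);
    $stmt->execute();
    $stmt->store_result();
    return $stmt->num_rows > 0;
}

// Hypothetical helper: inserts the account with a hashed password.
function createAccount(mysqli $con, string $email, string $username, string $password): void
{
    // Store only a salted hash; the login page would check it with password_verify().
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $con->prepare(
        "INSERT INTO `admin_table` (`email`, `username`, `password`) VALUES (?, ?, ?)"
    );
    $stmt->bind_param("sss", $email, $username, $hash);
    $stmt->execute();
}

if (isset($_POST['addAccount'])) {
    $con      = connection();
    $email    = trim($_POST['email'] ?? '');
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($email === '' || $username === '' || $password === ''
        || accountExists($con, $username, $email)) {
        header("Location: register.php?alert=login_failed");
        exit;
    }
    createAccount($con, $email, $username, $password);
    header("Location: login.php"); // header name directly followed by the colon
    exit;                          // stop so nothing runs after the redirect
}
```

A `UNIQUE` index on `username` and on `email` closes the gap between the existence check and the insert; with the strict report mode above, a duplicate insert then raises `mysqli_sql_exception` instead of silently creating a second row.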
