0

Ok. I am new to PHP and MySQL, and I am having problems. I have a website, edlineplus.x10host.com. What I am trying to do is given an IP address, username, and password...check if the IP is in the database 'auto_login' - if so, edit the associated username and password and, if not, add a new row with the IP and its data. Everything works fine when I access the site from my computer, but when I try to access the site from another computer...it takes a long time to load and even gives me the error: "Fatal error: Maximum execution time of 30 seconds exceeded in line [alternates between lines 4 and 7 in the code below]". I don't understand why this is. For reference, I am using x10hosting.com to host the website and they have a policy "Remote access is not allowed on free hosting account" (what I have). However, wouldn't the 'remote access' in question only apply if I was doing something from a remote server...what I am doing is having the data a user enter on my website sent to a php file that processes it. Also, would the 'remote access' issue prevent me from even connecting to the database from a different computer? There is no connecting to the database itself though. Any help with how to fix would be great....I googled so much for how to solve and I don't know what to do.

$results = mysqli_fetch_assoc(mysqli_query($connection, "SELECT `Identification Number`, `IP Address`, `Username`, `Password` FROM `subscribed_users` ORDER BY `Identification Number`"));

        $ip_address_found = false;

        while ($results) {
          $temp_identification_number = $results['Identification Number'];
          $temp_ip_address = $results['IP Address'];
          $temp_username = $results['Username'];
          $temp_password = $results['Password'];

          if ($ip_address == $temp_ip_address) {
            $ip_address_found = true;

            $protected_username = mysqli_real_escape_string($username);
            $protected_password = mysqli_real_escape_string($password);

            mysqli_query($connection, "UPDATE `subscribed_users` SET `Username` = '$protected_username', `Password` = '$protected_password' WHERE `subscribed_users`.`Identification Number` = $temp_identification_number;");

            break;
          }
        }

        if (!$ip_address_found) {
          $protected_username = mysqli_real_escape_string($username);
          $protected_password = mysqli_real_escape_string($password);

          mysqli_query($connection, "INSERT INTO `subscribed_users` (`Identification Number`, `IP Address`, `Username`, `Password`) VALUES (NULL, '$ip_address', '$protected_username', '$protected_password');");
        }

        mysqli_close($connection);
Improve this question
16
  • 1
    your php code is taking longer than 30 seconds to execute, and they're terminating the process to prevent abuse of a free service. You are also vulnerable to sql injection attacks, using @ to suppress errors is never a good sign, and then simply assuming that queries never fail is a very bad sign. Commented Jul 7, 2016 at 20:29
  • Do not use @s, it's slowing your script down and hiding errors. Show how you are connecting to the database. Commented Jul 7, 2016 at 20:31
  • @MarcB Ok, but the php code shouldn't be taking more than 30 seconds...It's a 4 column database with only 2 rows. Do you know why the code is taking so long?? Commented Jul 7, 2016 at 20:31
  • Please stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy. Commented Jul 7, 2016 at 20:31
  • 1
    Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. Commented Jul 7, 2016 at 21:42

1 Answer 1

Reset to default
1

First you should separate your query, like so:

$query = mysqli_query($connection, "SELECT `Identification Number`, `IP Address`, `Username`, `Password` FROM `subscribed_users` ORDER BY `Identification Number`");

Then change your while loop:

while ($results = mysqli_fetch_assoc($query))

The mysqli_fetch_assoc() function only fetches one row at a time. So essentially you were looping over the same row indefinitely, causing your error.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

If the OP only fetched one row then the while loop would've ended after one round, no? I agree the code is no good - these functions should not be nested.
@JayBlanchard Only if $ip_address == $temp_ip_address, then it would have ended. If not, since $results wasn't changing, it would just loop over the same data that was fetched before. Thus causing the infinite loop.
Seems plausible, makes sense. Out of curiosity I'll test this at some point more for my own edification than anything else.
@JayBlanchard Thank you. If I do happen to be wrong, let me know. I don't think I am though. ;)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.