0

Ok. I am new to PHP and MySQL, and I am having problems. I have a website, edlineplus.x10host.com. What I am trying to do is given an IP address, username, and password...check if the IP is in the database 'auto_login' - if so, edit the associated username and password and, if not, add a new row with the IP and its data. Everything works fine when I access the site from my computer, but when I try to access the site from another computer...it takes a long time to load and even gives me the error: "Fatal error: Maximum execution time of 30 seconds exceeded in line [alternates between lines 4 and 7 in the code below]". I don't understand why this is. For reference, I am using x10hosting.com to host the website and they have a policy "Remote access is not allowed on free hosting account" (what I have). However, wouldn't the 'remote access' in question only apply if I was doing something from a remote server...what I am doing is having the data a user enter on my website sent to a php file that processes it. Also, would the 'remote access' issue prevent me from even connecting to the database from a different computer? There is no connecting to the database itself though. Any help with how to fix would be great....I googled so much for how to solve and I don't know what to do.

$results = mysqli_fetch_assoc(mysqli_query($connection, "SELECT `Identification Number`, `IP Address`, `Username`, `Password` FROM `subscribed_users` ORDER BY `Identification Number`"));

        $ip_address_found = false;

        while ($results) {
          $temp_identification_number = $results['Identification Number'];
          $temp_ip_address = $results['IP Address'];
          $temp_username = $results['Username'];
          $temp_password = $results['Password'];

          if ($ip_address == $temp_ip_address) {
            $ip_address_found = true;

            $protected_username = mysqli_real_escape_string($username);
            $protected_password = mysqli_real_escape_string($password);

            mysqli_query($connection, "UPDATE `subscribed_users` SET `Username` = '$protected_username', `Password` = '$protected_password' WHERE `subscribed_users`.`Identification Number` = $temp_identification_number;");

            break;
          }
        }

        if (!$ip_address_found) {
          $protected_username = mysqli_real_escape_string($username);
          $protected_password = mysqli_real_escape_string($password);

          mysqli_query($connection, "INSERT INTO `subscribed_users` (`Identification Number`, `IP Address`, `Username`, `Password`) VALUES (NULL, '$ip_address', '$protected_username', '$protected_password');");
        }

        mysqli_close($connection);
F. Zurita
  • 3
  • 5
  • 1
    your php code is taking longer than 30 seconds to execute, and they're terminating the process to prevent abuse of a free service. You are also vulnerable to [sql injection attacks](http://bobby-tables.com), using `@` to suppress errors is never a good sign, and then simply assuming that queries never fail is a very bad sign. – Marc B Jul 07 '16 at 20:29
  • Do not use @s, it's slowing your script down and hiding errors. Show how you are connecting to the database. – Daniel Kucal Jul 07 '16 at 20:31
  • @MarcB Ok, but the php code shouldn't be taking more than 30 seconds...It's a 4 column database with only 2 rows. Do you know why the code is taking so long?? – F. Zurita Jul 07 '16 at 20:31
  • ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 07 '16 at 20:31
  • no. you need to debug that yourself. add in some timing code to see where the slowdown(s) are occuring. and note that you can update multiple fields in a single `update` query. running two updates to update different fields in the same table is a waste of resources – Marc B Jul 07 '16 at 20:32
  • @DanielKucal Noted. – F. Zurita Jul 07 '16 at 20:33
  • @MarcB OK, but that still doesn't explain why then the code works fine on my computer. If it was taking so long to execute, wouldn't it also take that long when submitting data from my own computer? – F. Zurita Jul 07 '16 at 20:34
  • no. your server-side stuff is running in a completely different environment. different machines, different underlying oses/webservers, etc... "works here but not there" is meaningless, because here/there are totally different, except for the actual code. that's like saying "why did I get busted for smoking a joint at home, I didn't get busted when I smoked it in Amsterdam". – Marc B Jul 07 '16 at 20:39
  • @MarcB. No, I mean I uploaded all my files and set up mySQL on the x10hosting site. Then, I logged out and cleared all my computer cookies and what not. Afterwards, I went to edlineplus.x10host.com and submitted data and worked fine (submitted the data to the database). Then, I tried doing the same thing on my phone (submitting different username and password of course for testing)...but there is took really long to submit and then gave that timeout fatal error. – F. Zurita Jul 07 '16 at 20:44
  • @MarcB There are really only 2 possibilities here: (1) the while loop is infinite (which I don't think it is) or (2) this is a limitation with x10host.com's free plan. However, for (2) I have heard others say who had this error that even buying a paid plan didn't fix it. – F. Zurita Jul 07 '16 at 20:53
  • well, rather than trying to argue about what might be the cause, go instrument your code and figure out the actual reason. there's nothing in what you've posted that should take more than a second, and yet it is. so start digging. – Marc B Jul 07 '16 at 20:55
  • @JayBlanchard Edited. Better? Also, any idea on my problem? Does my code look like it should work? – F. Zurita Jul 07 '16 at 21:27
  • @F. Zurita looks like its free cloud hosting, do you get ssh access? if you do, start looking at mysql slow queries log and monitor php to what's taking so long. – unixmiah Jul 07 '16 at 21:35
  • @F. Zurita maybe that fact that you're on a cloud host, the database maybe hosted elsewhere and you may need to configure some type of security group, maybe you're using the wrong db host. They should give you an example of how to connect to their db. – unixmiah Jul 07 '16 at 21:38
  • @F. Zurita so are you connecting to a remote database? They most likely have remote access disabled on their hosting firewall. – unixmiah Jul 07 '16 at 21:40
  • 1
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jul 07 '16 at 21:42

1 Answers1

1

First you should separate your query, like so:

$query = mysqli_query($connection, "SELECT `Identification Number`, `IP Address`, `Username`, `Password` FROM `subscribed_users` ORDER BY `Identification Number`");

Then change your while loop:

while ($results = mysqli_fetch_assoc($query))

The mysqli_fetch_assoc() function only fetches one row at a time. So essentially you were looping over the same row indefinitely, causing your error.

imtheman
  • 4,713
  • 1
  • 30
  • 30
  • If the OP only fetched one row then the while loop would've ended after one round, no? I agree the code is no good - these functions should not be nested. – Jay Blanchard Jul 07 '16 at 21:46
  • @JayBlanchard Only if `$ip_address == $temp_ip_address`, then it would have ended. If not, since `$results` wasn't changing, it would just loop over the same data that was fetched before. Thus causing the infinite loop. – imtheman Jul 07 '16 at 21:50
  • Seems plausible, makes sense. Out of curiosity I'll test this at some point more for my own edification than anything else. – Jay Blanchard Jul 07 '16 at 21:54
  • @JayBlanchard Thank you. If I do happen to be wrong, let me know. I don't think I am though. ;) – imtheman Jul 07 '16 at 21:58