-2

My code:

...
//Connect to the Database
include '../config.php';
...
if (isset($_POST['submit'])) {
    $name = mysqli_real_escape_string($conn, $_POST['name']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $password = mysqli_real_escape_string($conn, md5($_POST['password']));
    $confirm_password = mysqli_real_escape_string($conn, md5($_POST['confirm-password']));
    $code = mysqli_real_escape_string($conn, md5(rand()));

    // Check if the user's IP address is blocked
    $userIP = getUserIP();
    $sqlBlocked = "SELECT * FROM blocked WHERE ip_address = '$userIP' OR email = '$email'";
    $resultBlocked = mysqli_query($conn, $sqlBlocked);
...

This is a code that I wrote and it is about blocking a certain use by Email or IP. This works when using XAMPP, but when I upload it to my Website and try to run it it always returns:

Fatal error: Uncaught mysqli_sql_exception: MySQL server has gone away in line $resultBlocked = mysqli_query($conn, $sqlBlocked);

How do I fix this issue?

NOTE:

Similar Articles like this or this one does NOT help or solve my case.

Dharman
  • 30,962
  • 25
  • 85
  • 135
Illanser
  • 123
  • 10
  • 3
    Even if this is not directly related to your question: keep in mind that you should use prepared statements to avoid getting hacked through SQL injections, not manual escaping – Nico Haase Aug 27 '23 at 12:19
  • @NicoHaase Thanks for the tip. This is a basic code and I'm planning to make it more secure in the feature. – Illanser Aug 27 '23 at 12:21
  • 3
    besides the sql inejction, which you should fix first, your select takes to long so change the time out or optimize the query – nbk Aug 27 '23 at 12:26
  • Did you add indexes of the fields ip_address and email to the table ? such as : `CREATE INDEX ip_address ON blocked (ip_address);` and `CREATE INDEX email ON blocked (email);` – Ken Lee Aug 27 '23 at 12:38
  • 3
    You are welcome. Have a nice day. (Reminder: please remember to change your queries to parameterized prepared statements which are resilient against SQL injection attacks - such changes are not difficult at all so please spend some time to change the code) – Ken Lee Aug 27 '23 at 13:03
  • 3
    High speed hashes like MD5 and SHA1 are considered broken for security purposes and are not sufficient for password hashing. Instead use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php). See [this page](https://www.php.net/manual/en/faq.passwords.php) for more details and [here](https://alexwebdevelop.com/php-password-hashing/) for a good tutorial. – Alex Howansky Aug 27 '23 at 14:04
  • What happens when you run the `SELECT * FROM blocked` query manually, like via the CLI? – Alex Howansky Aug 27 '23 at 14:05
  • 2
    Couple of things you will have to check: 1. MySQL Timeout config 2. How much time query is taking to execute. Is it a slow query? 3. If #2 yes, why would you select all the columns since you're checking if the IP is blocked or not, you can simply take COUNT of it. – Mohammed Jhosawa Aug 27 '23 at 17:58
  • 2
    Search in all files for `mysqli_close()` and if you find it, remove it. – Dharman Aug 27 '23 at 18:21

0 Answers0