princeofpersia Posted May 16, 2011 Share Posted May 16, 2011 Hi guys, I had my code working fine as a login page untill I added sprintf and mysql_real_escape_string and since then when i test the form to login, server keep loading and then come up with this msg Fatal error: Maximum execution time of 30 seconds exceeded in ../Dashboard/index.php on line 35 which is (Line 35) while($row=mysql_fetch_array(mysql_query($getpin))){ I have my code below, can u please help me what is wrong? im coding in dreamweaver and it doesnt have any error in there. <?php include ('includes/db/db.php'); ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <title></title> <link rel="stylesheet" href="./css/reset.css" type="text/css" media="screen" title="no title" /> <link rel="stylesheet" href="./css/text.css" type="text/css" media="screen" title="no title" /> <link rel="stylesheet" href="./css/form.css" type="text/css" media="screen" title="no title" /> <link rel="stylesheet" href="./css/buttons.css" type="text/css" media="screen" title="no title" /> <link rel="stylesheet" href="./css/login.css" type="text/css" media="screen" title="no title" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head> <body> <div id="login"> <h1>Dashboard</h1> <?php if (isset($_POST['login']) && $_POST['login']){ $email=addslashes(strip_tags($_POST['email'])); $in_password=addslashes(strip_tags($_POST['password'])); $pin=addslashes(strip_tags($_POST['pin'])); $password=md5($in_password); if (!$email || !$in_password || !$pin) echo "<div class='error'>Please fill all required fields</div>"; else{ $getpin=sprintf("SELECT * FROM users WHERE UserEmail='%s' AND UserPassword='%s'", mysql_real_escape_string($email) , mysql_real_escape_string($password)); while($row=mysql_fetch_array(mysql_query($getpin))){ $pin_email=$row['UserEmail']; $pin_id=$row['UserId']; $pin_company_id=$row['company_id']; $pass=$row['UserPassword']; } $get=sprintf("SELECT pin FROM company WHERE company_id='%s' AND active='%s'", mysql_real_escape_string($pin_company_id), mysql_real_escape_string(1)) ; while($row=mysql_fetch_array(mysql_query($get))){ $pin_num= $row['pin']; } if($password==$pass && $pin_num==$pin && $email==$pin_email) { echo"success"; } else { echo "<div class='error'>Login Failed, Login details are incorrect!</div>"; } } } ?> <div id="login_panel"> <form action="" method="post" accept-charset="utf-8" /> <div class="login_fields"> <div class="field"> <label for="email">Email</label> <input type="text" name="email" value="" id="email" tabindex="1" placeholder="email@example.com" /> </div> <div class="field"> <label for="password">Password <small><a href="forgotpassword.php">Forgot Password?</a></small></label> <input type="password" name="password" value="" id="password" tabindex="2" placeholder="password" /> <div class="field"> <label for="pin">Pin Number</small></label><input type="password" name="pin" value="" id="password" tabindex="2" placeholder="pin"/> </div> </div> </div> <!-- .login_fields --> <div class="login_actions"> <input type="submit" name="login" value="Login" class="btn btn-grey"/> </div> </form> </div> <!-- #login_panel --> </div> <!-- #login --> </body> </html> thanks you all in advance. Quote Link to comment Share on other sites More sharing options...
princeofpersia Posted May 16, 2011 Author Share Posted May 16, 2011 any one? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 16, 2011 Share Posted May 16, 2011 Don't put the query in the while statement. When you do that, you're re-executing the query every time. Do something like <?php $getpin=sprintf("SELECT * FROM users WHERE UserEmail='%s' AND UserPassword='%s'", mysql_real_escape_string($email) , mysql_real_escape_string($password)); $rs = mysql_query($getpin); while($row=mysql_fetch_assoc($rs)){ ?> Ken Quote Link to comment Share on other sites More sharing options...
princeofpersia Posted May 16, 2011 Author Share Posted May 16, 2011 thanks ken, ill give it a try Quote Link to comment Share on other sites More sharing options...
princeofpersia Posted May 16, 2011 Author Share Posted May 16, 2011 worked like charm, u r an start Ken, thanks mate Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted May 16, 2011 Share Posted May 16, 2011 And don't use addslashes along with mysql_real_escape_string. In fact, don't use addslashes at all with MySQL. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.