CODEWITHSUNDEEP
phpmysqlpdo
Joel
Joel

Reputation: 47

Database Error HY000

My code working fine , but i got this error :

SQLSTATE[HY000]: General error

I searching on google and someone say that it's may SQLi
What is this ? And how can i fix that ?
thanks and sorry for my poor english

    try{
        $db_con = new PDO("mysql:host={$db_host};dbname={$db_name}",$db_user,$db_pass);
        $db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Anti Brute Forced
        $stmt = $db_con->prepare("
            SELECT * FROM users
        ");
        $stmt->execute();
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
            $users_username = $row["users_username"];
            $users_password = $row["users_password"];
            $users_wrong_password = $row["users_wrong_password"];
            if ($users_wrong_password <= 3 && isset($_GET["username"],$_GET["password"]) && $_GET["username"] == $users_username && $_GET["password"] != $users_password){
                $u = $users_wrong_password + 1;
                $g = 0;
                $g = $_GET['username'];
                $stmt = $db_con->prepare("
                    UPDATE users
                    SET users_wrong_password = $u
                    WHERE users.users_username = '$g'
                ");
                $stmt->execute();
            }
            if ($_GET["username"] == $users_username && $users_wrong_password >= 4){
                echo "Your Account Was Banned For 1 Hours";
                die;
            }
        }
        $g = $_GET['username'];
        $stmt = $db_con->prepare("SELECT * FROM users where users_username = '$g'");
        $stmt->execute();
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
            $ss = $row["users_wrong_password"];
        }
        if($ss <= 3){
            $g = 0;
            $g = $_GET['username'];
            $stmt = $db_con->prepare("
                UPDATE users
                SET users_wrong_password = 0
                WHERE users_username = '{$_GET['username']}'
            ");
            $stmt->execute();
        }
        // Anti Brute Forced

[Solved] Edit:

		$g = $_GET['username'];
		$p = $_GET['password'];
		$stmt = $db_con->prepare("
			SELECT * FROM users where users_username = '$g' and users_password = '$p'
		");

Upvotes: 0

Views: 19625

Answers (2)

Renato Junior
Renato Junior

Reputation: 41

I found this problem in a similar another way

"errorInfo":["HY000"]

How does "HY000" error happen?

It happens when you are updating, deleting or inserting data with PDO, and you try to fetch it's result.

The solution, just do not use fetch or fetchAll methods after executing an updating, deleting or inserting. Surely, it does not make sense to fetch it's result!

Example:
        $stmt = $db_con->prepare("
            UPDATE users SET name = 'Renato' WHERE ID = 0
        ");
        $stmt->execute();
        $stmt->fetch(PDO::FETCH_ASSOC); // The mistake is here, just remove this line
        $stmt->fetchAll(PDO::FETCH_ASSOC); // It will cause troubles too, remove it

Solving the problem in a loop

The solution is changing the statement variable name inside loop, or fetch all before starting loop:

Solution: Changing variable name

        $stmt = $db_con->prepare("
            SELECT * FROM users
        ");
        $stmt->execute();

        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
                // ...
                // This is another statment
                $another_stmt = $db_con->prepare("
                    UPDATE users
                    SET users_wrong_password = $u
                    WHERE users.users_username = '$g'
                ");
                $another_stmt->execute();
        }

Solution: Fetch all data from query before loop

        $stmt = $db_con->prepare("
            SELECT * FROM users
        ");
        $stmt->execute();
        
        // Everything is fetched here
        $results = $stmt->fetchAll(PDO::FETCH_ASSOC)
        foreach($results as $row){ // Another way to loop through results
                $stmt = $db_con->prepare("
                    UPDATE users
                    SET users_wrong_password = $u
                    WHERE users.users_username = '$g'
                ");
                $stmt->execute(); // Be happy with no troubles
        }

Upvotes: 2

Jose Marques
Jose Marques

Reputation: 748

I think there are multiple preparations of the same query. Solution Get the query preparation out of the while.

code:

//... your code 
$stmt1 = $db_con->prepare("
         UPDATE users
         SET users_wrong_password = $u
         WHERE users.users_username = '$g'
");

$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
     $users_username = $row["users_username"];
     $users_password = $row["users_password"];
     $users_wrong_password = $row["users_wrong_password"];
     if ($users_wrong_password <= 3 && isset($_GET["username"],$_GET["password"]) && $_GET["username"] == $users_username && $_GET["password"] != $users_password){
                        $u = $users_wrong_password + 1;
                        $g = 0;
                        $g = $_GET['username'];
    $stmt1->execute();
    //...
}

Upvotes: 1

Related Questions