PHP while lookp taking too long to execute

[phgstudy]

Hello!

I'm working on a login form, but the while loop takes longer than 120 seconds to run, and then an expiry error is thrown.

Here's the code:-

 

$res=mysqli_query($con,"select username,password from users");

  

         $row=mysqli_fetch_array($res);

         while($row)

         {

                if($username==$row["username"] && $password==$row["password"])

                {

                       echo "LOGIN SUCCESSFUL!";

                }

                else

                {

                       echo "LOGIN Failed!";

                } 

[benanamen]

You are missing a where clause. Your query is selecting all of the usernames and passwords in the whole database. Your whole code is flawed. I'm sure others will give you more feedback.

Edited October 10, 2016 by benanamen

[requinix]

There really isn't much more to say than that. The query is retrieving every single user in the database. That's slow. If you used a WHERE to only retrieve the user with the matching username then it would happen in less than a second (probably).

 

Well, one more thing. Are you hashing passwords? It doesn't look like it. You need to.

[mac_gyver]

your loop is also looping forever (until the php time limit is reached), since the condition being tested by the loop is a fixed value.

 

you don't even need a loop for what you are doing.

 

your sql query should be trying to match one row, based on the username. if the username/one row is found, you would fetch that one row, then verify if the hashed version of the entered password matches the hashed password from when the user registered. see php's password_hash() and password_verify() functions for this.

[davidweb09]

please add where in your query for execute it properly.