Database Error HY000
My code is working fine, but I got this error:
SQLSTATE[HY000]: General error
I searched on Google and someone said that it may be SQLi.
What is this? And how can I fix that?
Thanks, and sorry for my poor English.
try{
$db_con = new PDO("mysql:host={$db_host};dbname={$db_name}",$db_user,$db_pass);
$db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Anti Brute Forced
$stmt = $db_con->prepare("
SELECT * FROM users
");
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$users_username = $row["users_username"];
$users_password = $row["users_password"];
$users_wrong_password = $row["users_wrong_password"];
if ($users_wrong_password <= 3 && isset($_GET["username"],$_GET["password"]) && $_GET["username"] == $users_username && $_GET["password"] != $users_password){
$u = $users_wrong_password + 1;
$g = 0;
$g = $_GET['username'];
$stmt = $db_con->prepare("
UPDATE users
SET users_wrong_password = $u
WHERE users.users_username = '$g'
");
$stmt->execute();
}
if ($_GET["username"] == $users_username && $users_wrong_password >= 4){
echo "Your Account Was Banned For 1 Hours";
die;
}
}
$g = $_GET['username'];
$stmt = $db_con->prepare("SELECT * FROM users where users_username = '$g'");
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$ss = $row["users_wrong_password"];
}
if($ss <= 3){
$g = 0;
$g = $_GET['username'];
$stmt = $db_con->prepare("
UPDATE users
SET users_wrong_password = 0
WHERE users_username = '{$_GET['username']}'
");
$stmt->execute();
}
// Anti Brute Forced
[Solved] Edit:
$g = $_GET['username'];
$p = $_GET['password'];
$stmt = $db_con->prepare("
SELECT * FROM users where users_username = '$g' and users_password = '$p'
");
I think there are multiple preparations of the same query. Solution: get the query preparation out of the while.
code:
//... your code
// Prepare the UPDATE once, outside the loop, with placeholders for the values
$stmt1 = $db_con->prepare("
UPDATE users
SET users_wrong_password = :u
WHERE users.users_username = :g
");
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$users_username = $row["users_username"];
$users_password = $row["users_password"];
$users_wrong_password = $row["users_wrong_password"];
if ($users_wrong_password <= 3 && isset($_GET["username"],$_GET["password"]) && $_GET["username"] == $users_username && $_GET["password"] != $users_password){
$u = $users_wrong_password + 1;
$g = 0;
$g = $_GET['username'];
// Bind the current values when executing the prepared UPDATE
$stmt1->execute([':u' => $u, ':g' => $g]);
//...
}
}
I found this problem in another, similar way:
"errorInfo":["HY000"]
It happens when you are updating, deleting or inserting data with PDO, and you try to fetch its result.
The solution: just do not use the fetch or fetchAll methods after executing an update, delete or insert. Surely, it does not make sense to fetch its result!
$stmt = $db_con->prepare("
UPDATE users SET name = 'Renato' WHERE ID = 0
");
$stmt->execute();
$stmt->fetch(PDO::FETCH_ASSOC); // The mistake is here, just remove this line
$stmt->fetchAll(PDO::FETCH_ASSOC); // It will cause troubles too, remove it
The solution is changing the statement variable name inside the loop, or fetching all before starting the loop:
$stmt = $db_con->prepare("
SELECT * FROM users
");
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
// ...
// This is another statement
$another_stmt = $db_con->prepare("
UPDATE users
SET users_wrong_password = $u
WHERE users.users_username = '$g'
");
$another_stmt->execute();
}
$stmt = $db_con->prepare("
SELECT * FROM users
");
$stmt->execute();
// Everything is fetched here
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach($results as $row){ // Another way to loop through results
$stmt = $db_con->prepare("
UPDATE users
SET users_wrong_password = $u
WHERE users.users_username = '$g'
");
$stmt->execute(); // Be happy with no troubles
}
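The points made in the answers above (a separate statement object for the UPDATE, no fetch after an UPDATE) combined with bound parameters, so the username from the request never becomes part of the SQL text. This is an added example, not code from the original posts; the function name attempt_login, the password_hash() storage and the SQLite in-memory database used to make it run offline are assumptions.

```php
<?php
// Added example: table and column names follow the question; the function
// name, hashed password storage and SQLite test database are assumptions.
const MAX_WRONG = 3;

function attempt_login(PDO $db, string $username, string $password): string
{
    // Select one row by a bound parameter instead of scanning every user.
    $select = $db->prepare(
        'SELECT users_password, users_wrong_password
           FROM users WHERE users_username = :name'
    );
    $select->execute([':name' => $username]);
    $row = $select->fetch(PDO::FETCH_ASSOC);
    $select->closeCursor();   // finish the SELECT before running another statement

    if ($row === false) {
        return 'invalid';     // same answer as a wrong password
    }
    if ((int) $row['users_wrong_password'] > MAX_WRONG) {
        return 'locked';
    }

    $ok = password_verify($password, $row['users_password']);

    // Separate statement object for the UPDATE; it is executed, never fetched.
    // The increment happens in SQL, so no PHP value is placed in the query text.
    $update = $db->prepare(
        $ok ? 'UPDATE users SET users_wrong_password = 0 WHERE users_username = :name'
            : 'UPDATE users SET users_wrong_password = users_wrong_password + 1
                WHERE users_username = :name'
    );
    $update->execute([':name' => $username]);

    return $ok ? 'ok' : 'invalid';
}

// Constructed sample data so the example runs without a MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (users_username TEXT PRIMARY KEY,
           users_password TEXT, users_wrong_password INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO users (users_username, users_password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// A quote in the username is treated as data and simply matches no row.
echo attempt_login($db, "alice' OR '1'='1", 'x'), "\n";
for ($i = 0; $i < 5; $i++) {
    echo attempt_login($db, 'alice', 'wrong'), "\n";
}
```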
In order to help advance the horizon of human understanding, and because Stackoverflow is a combination of Reddit and Wikipedia, I add the following information to help others.
These error codes are defined by the SQL standard itself, and are not specific to mysql, Postgres, or any other database. The HY000 SQLSTATE error code is part of the HYxxx series of error codes - which are for client errors (caller):
| SQLSTATE Class | Meaning                                          |
|----------------|--------------------------------------------------|
| 00xxx | Unqualified Successful Completion |
| 01xxx | Warning |
| 02xxx | No Data |
| 07xxx | Dynamic SQL Error |
| 08xxx | Connection Exception |
| 09xxx | Triggered Action Exception |
| 0Axxx | Feature Not Supported |
| 0Fxxx | Invalid Token |
| 0Kxxx | Resignal When Handler Not Active |
| 0Nxxx | SQL/XML Mapping Error |
| 10xxx | XQuery Error |
| 20xxx | Case Not Found for Case Statement |
| 21xxx | Cardinality Violation |
| 22xxx | Data Exception |
| 23xxx | Constraint Violation |
| 24xxx | Invalid Cursor State |
| 25xxx | Invalid Transaction State |
| 26xxx | Invalid SQL Statement Identifier |
| 2Dxxx | Invalid Transaction Termination |
| 34xxx | Invalid Cursor Name |
| 35xxx | Invalid Condition Number |
| 36xxx | Cursor Sensitivity Exception |
| 38xxx | External Function Exception |
| 39xxx | External Function Call Exception |
| 3Bxxx | Savepoint Exception |
| 3Cxxx | Ambiguous Cursor Name |
| 40xxx | Transaction Rollback |
| 42xxx | Syntax Error or Access Rule Violation |
| 44xxx | WITH CHECK OPTION Violation |
| 46xxx | Java™ Errors |
| 51xxx | Invalid Application State |
| 53xxx | Invalid Operand or Inconsistent Specification |
| 54xxx | SQL or Product Limit Exceeded |
| 55xxx | Object Not in Prerequisite State |
| 56xxx | Miscellaneous SQL or Product Error |
| 57xxx | Resource Not Available or Operator Intervention |
| 58xxx | System Error |
| 5Uxxx | Common Utilities and Tools |
| HWxxx | Datalink Exception |
| HVxxx | FDW-specific condition |
| HYxxx | CLI-specific condition |
In this case, the HY000 error is a generic error:
| SQLSTATE | Description                                                |
|----------|------------------------------------------------------------|
| HY000 | general error |
| HY001 | memory allocation error |
| HY003 | invalid data type in application descriptor |
| HY004 | invalid data type |
| HY007 | associated statement is not prepared |
| HY008 | operation canceled |
| HY009 | invalid use of null pointer |
| HY010 | function sequence error |
| HY011 | attribute cannot be set now |
| HY012 | invalid transaction operation code |
| HY013 | memory management error |
| HY014 | limit on number of handles exceeded |
| HY017 | invalid use of automatically allocated descriptor handle |
| HY018 | server declined the cancellation request |
| HY019 | non-string data cannot be sent in pieces |
| HY020 | attempt to concatenate a null value |
| HY021 | inconsistent descriptor information |
| HY024 | invalid attribute value |
| HY055 | non-string data cannot be used with string routine |
| HY090 | invalid string length or buffer length |
| HY091 | invalid descriptor field identifier |
| HY092 | invalid attribute identifier |
| HY093 | invalid datalink value |
| HY095 | invalid FunctionId specified |
| HY096 | invalid information type |
| HY097 | column type out of range |
| HY098 | scope out of range |
| HY099 | nullable type out of range |
| HY103 | invalid retrieval code |
| HY104 | invalid LengthPrecision value |
| HY105 | invalid parameter mode |
| HY106 | invalid fetch orientation |
| HY107 | row value out of range |
| HY108 | invalid cursor position |
| HYC00 | optional feature not implemented |
So in the same way:
400 Bad Request is a generic error
HY000 is a generic error
Most databases will also provide a more vendor-specific error code or error messages.
In case anyone thought the HY000 code would be useful by itself for anything.