I'm using PHP 5.6.25 and trying to filter the input, but it is only entering the data once into mysqli.
I've tried a few ways of filtering, but I can only insert into the table once. The id is set to auto increment. This is how the variables are defined.
<form action="php/createaccount.php" method="post">
  first name <br />
  <input type="text" placeholder="first name" name="fname"><br />
  last name <br />
  <input type="text" placeholder="last name" name="lname"><br />
  user name <br />
  <input type="text" placeholder="username" name="uname"><br />
  password <br />
  <input type="text" placeholder="password" name="pword"><br />
  school name <br />
  <input type="text" placeholder="school name" name="sname"><br />
  email <br />
  <input type="text" placeholder="email" name="email"> <br />
  <input type="submit" value="create account">
</form>
This is the createaccount.php page:
<?php
error_reporting(-1);
ini_set("display_errors", "on");

$con = mysqli_connect("localhost", "root", "", "epicreads");

// check connection
if (mysqli_connect_errno()) {
    echo "failed connect mysql: " . mysqli_connect_error();
}

$sql = $con->prepare("insert users (fname, lname, email, uname, sname) values (?, ?, ?, ?, ?)");
$sql->bind_param('sssss', $fname, $lname, $email, $uname, $sname);
$sql->execute();

// password, password security
// set cost
$cost = 10;
// create random salt
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
// hash the password with the salt
$hash = crypt($pword, $salt);
// post to table
$pword = "inert users (pword) values ('$_POST[pword]')";
//echo die('error: ' . mysqli_error($con));
echo "1 record added";
mysqli_close($con);
?>
This is the updated createaccount.php page. Update: with error reporting on, it is saying column 'fname' cannot be null. This is the table structure in mysqli.
You have a typo here:
// post to table
$pword = "inert users (pword) values ('$_POST[pword]')";
You want INSERTs.
Also:
// hash the password with the salt
$hash = crypt($pword, $salt);
You're hashing the SQL statement, not the variable.
As recommended in the comments, you should be using password_hash, and it appears you have a cost array value typical of password_hash, maybe copy/pasted from somewhere it was used, so go and read the rest of the syntax.
Using your own salts is not advised.
Your issue here:
"with error reporting on, it is saying column 'fname' cannot be null"
is because you're trying to enter an empty row; the password SQL, above, is inserting a password value into MySQL, but you're wanting to update an existing row rather than insert a new row with the password on it.
So you should research password_hash, edit the password table column to be at least 72 characters long, and insert the password at the same time as you insert the rest of the data into the table.
If you need to edit a row that exists, you should use the UPDATE MySQL function.
You have
//echo die('error: ' . mysqli_error($con));
which will run every time the script runs, regardless of if there is an error or if it is picked up. This is not the way to detect object orientated MySQL errors. See this answer for a rundown on how to detect MySQL errors in PHP.
There is no guide as to where the variables come from? I assume you're working on them before you reach the SQL insert, considering you're researching input filtering, but I see no evidence of input filtering in the question code. I hope you're not using global variables; typically posted variables are accessible as $_POST['name'] superglobals once the form has been submitted.
<?php
error_reporting(-1);
ini_set("display_errors", "on");

$con = mysqli_connect("localhost", "root", "", "epicreads");

// check connection
if (mysqli_connect_errno()) {
    echo "failed connect mysql: " . mysqli_connect_error();
}

/*** new password construct:
     password, password security
     set cost ***/
$option['cost'] = 10;
$password = password_hash($_POST['pword'], PASSWORD_BCRYPT, $option);

// $fname, $lname, $email, $uname and $sname are assumed to be set before this point
$sql = $con->prepare("insert users (fname, lname, email, uname, sname, pword) values (?, ?, ?, ?, ?, ?)");
$sql->bind_param('ssssss', $fname, $lname, $email, $uname, $sname, $password);
$check = $sql->execute();

// execute() can fail for various reasons, and it may be as stupid as
// someone tripping over the network cable;
// 2006 "server gone away" is always an option
if ($check === false) {
    // much better than a die statement:
    error_log('execute() failed: ' . htmlspecialchars($sql->error));
} else {
    echo "1 record added";
}
$sql->close();
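The answer notes that the question shows no input filtering and no sign of where $fname and the other bound variables come from. The following is an added example, not code from the question or the answer, of reading and validating the six posted fields and hashing the password before anything is bound. The function name validate_registration and the length and character rules are assumptions; the field names are the ones in the form above.

```php
<?php
// Added example (PHP 5.5+). Returns array($clean, $errors).
// Length limits and the username pattern are assumed rules.
function validate_registration(array $post)
{
    $errors = array();
    $clean  = array();
    // Read one field as a string; arrays or missing keys become ''.
    $get = function ($key) use ($post) {
        return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
    };

    // Free-text fields: trimmed, required, bounded length.
    foreach (array('fname', 'lname', 'sname') as $field) {
        $clean[$field] = trim($get($field));
        if ($clean[$field] === '' || strlen($clean[$field]) > 100) {
            $errors[$field] = 'required, at most 100 characters';
        }
    }

    $clean['uname'] = trim($get('uname'));
    if (!preg_match('/^[A-Za-z0-9_]{3,30}$/', $clean['uname'])) {
        $errors['uname'] = '3 to 30 letters, digits or underscores';
    }

    $clean['email'] = trim($get('email'));
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid email address';
    }

    // The password is never trimmed or rewritten, only length-checked.
    // PASSWORD_BCRYPT truncates input beyond 72 bytes, so reject longer values.
    $pword = $get('pword');
    if (strlen($pword) < 8 || strlen($pword) > 72) {
        $errors['pword'] = 'must be 8 to 72 bytes';
    } else {
        $clean['pword'] = password_hash($pword, PASSWORD_BCRYPT, array('cost' => 10));
    }
    return array($clean, $errors);
}

// Constructed sample input standing in for $_POST.
$sample = array('fname' => ' Ada ', 'lname' => 'Lovelace', 'sname' => 'Example High',
                'uname' => 'ada_l', 'email' => 'ada@example.com', 'pword' => 'correct horse');
list($clean, $errors) = validate_registration($sample);
if ($errors) {
    print_r($errors);   // show the user what to fix; do not run the insert
} else {
    // $clean holds the six values to pass to bind_param('ssssss', ...).
    var_dump(password_verify('correct horse', $clean['pword']));
}
```

At login, password_verify() against the stored hash is the matching check; the plain password is never stored or compared directly.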