Reputation: 227
I have a form to signup with the code below:
<form method="post">
Username<input type="text" size="12" maxlength="16" name="username"><br />
Password<input type="password" size="12" maxlength="32" name="password"><br />
<input type="submit" name="submit" value="Sign Up!" />
</form>
And then I have it check if the username contains any special characters, and if it doesn't, it runs this code:
define("DB_SERVER", "localhost");
define("DB_USER", "will");
define("DB_PASS", "blahblah");
define("DB_NAME", "blahblah");
define("TBL_USERS", "users");
$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $connection) or die(mysql_error());
function addNewUser($username, $password){
global $connection;
$username =$POST['username'];
$password =$_POST['password'];
$password1 = md5($password);
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password1')";
return mysql_query($q, $connection);
}
This should add the username and password to my table with the password as an md5 hash, but it doesn't. Could someone please help me?
Thanks!
Upvotes: 0
Views: 219
Reputation: 3160
First of all: Don't use concatenated strings to insert values into the database. This is a major security hole; it can be exploited using a technique called SQL injection. You can prevent this by using so-called prepared statements.
And this should solve your problem: You probably don't really call the addNewUser function. You just connect to the database.
Try this:
define("DB_SERVER", "localhost");
define("DB_USER", "will");
define("DB_PASS", "blahblah");
define("DB_NAME", "blahblah");
define("TBL_USERS", "users");
function addNewUser($username, $password){
global $connection;
$password1 = md5($password);
$username = mysql_real_escape_string($username);
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password1')";
return mysql_query($q, $connection);
}
$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $connection) or die(mysql_error());
// The form field is named "username", so read that key
addNewUser($_POST["username"], $_POST["password"]);
Upvotes: 1
Reputation: 4701
To be ultra clear...
You have a function in there, but it's never called, as everyone has said.
To call it, add this line before your function starts:
$var = addNewUser($_POST["username"], $_POST["password"]);
EDIT: Further... In your function, you already have $username and $password, you can delete these lines:
$username =$POST['username'];
$password =$_POST['password'];
And last but not least, storing your password with only md5 is not good practice. Read up: http://elbertf.com/2010/01/store-passwords-safely-with-php-and-mysql/
Upvotes: 0
Reputation: 475
$username =$POST['username'] is wrong. You forgot the _. It must be $username = $_POST['username'].
Upvotes: 0
Reputation: 32031
Are you calling the addNewUser function?
Also, watch your SQL-Statement for SQL-Injections.
Upvotes: 0
Reputation: 66
It doesn't look like you're actually calling addNewUser here. Also, as a future hint, using prepared statements to avoid SQL injections is probably the way to go for anything but the most trivial of applications. One tutorial on using SQL prepared statements in PHP is here
Upvotes: 0
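The two recommendations made in the answers above (prepared statements instead of string concatenation, and not storing a bare md5), shown as an added example that is not code from any of the posters. It assumes PDO with an in-memory SQLite database so it runs offline; the column names `username` and `password_hash`, the alphanumeric username rule, the `checkLogin` helper and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Assumed: PDO + in-memory SQLite,
// column names, the username rule and the sample inputs below.
declare(strict_types=1);

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    return $pdo;
}

function addNewUser(PDO $pdo, string $username, string $password): bool
{
    // Server-side check: letters and digits only, at most 16 (the form's maxlength).
    if (!preg_match('/\A[A-Za-z0-9]{1,16}\z/', $username)) {
        return false;
    }
    // password_hash() salts per user and uses a slow algorithm, unlike md5().
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    try {
        return $stmt->execute([':u' => $username, ':h' => $hash]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {
            return false; // constraint violation: username already taken
        }
        throw $e;
    }
}

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = openDb();
// Constructed sample input
var_dump(addNewUser($pdo, 'will', 'correct horse'));   // valid signup
var_dump(addNewUser($pdo, 'will', 'other password'));  // duplicate username
var_dump(addNewUser($pdo, "x', 'y'); --", 'pw'));      // fails the username rule
var_dump(checkLogin($pdo, 'will', 'correct horse'));   // stored hash verifies
var_dump(checkLogin($pdo, "will' OR '1'='1", 'pw'));   // quote is bound as data, matches no row
```

The same `prepare`/`execute` calls work against MySQL by changing the DSN passed to `new PDO(...)`.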