Igor Lebedev

Reputation: 33

password_hash still hashes and stores an undefined variable

I have a script which successfully writes to the database. However, when I change the variable name $password1 or $password9 or $password34 and save the script, the script still works and a new entry in the DB appears with all the fields filled out including the password field.

$password0 = trim($_POST['password1']);
$hashed_passcode = password_hash($password4, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($q, 'ssss', $first_name, $last_name, $email, $hashed_passcode);

Above is an example where I changed the variable to $password0, and when I hash it the variable is $password4. I resubmit the form and it still works. How can this be?

Upvotes: 3

Views: 686

Answers (1)

Funk Forty Niner

Reputation: 74217

The reason is that it will create a hash all right; it just won't store the hash associated with the actual password you want to store.

Having all error reporting set, though, would have signaled an undefined variable.

Note: password_hash() only hashes passwords and does not show any type of error; that isn't its job. It's the error handling on the server that does.

Upvotes: 3
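An added example, not code from the question or the answer, showing the answer's point end to end: with diagnostics hidden, the undefined `$password4` is hashed as an empty value, and with all errors reported and promoted to exceptions, the typo stops the request before anything is hashed. `hashWithTypo` and `hashChecked` are hypothetical helper names, and the form input is constructed.

```php
<?php
// The question's lines with the typo kept: $password4 is never assigned.
function hashWithTypo(array $post): string
{
    $password0 = trim($post['password1']);
    return password_hash($password4, PASSWORD_DEFAULT);
}

// Hypothetical corrected helper: one variable name, empty input refused.
function hashChecked(array $post): string
{
    $password = trim($post['password1'] ?? '');
    if ($password === '') {
        throw new InvalidArgumentException('Password must not be empty.');
    }
    return password_hash($password, PASSWORD_DEFAULT);
}

$post = ['password1' => 'correct horse battery staple']; // constructed sample input

// 1) Diagnostics hidden, as on a server with error reporting off.
error_reporting(0);
$stored = hashWithTypo($post);
var_dump(password_verify('', $stored));                 // empty string checked against the stored hash
var_dump(password_verify($post['password1'], $stored)); // submitted password checked against it

// 2) All diagnostics reported and promoted to exceptions.
error_reporting(E_ALL);
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    throw new ErrorException($message, 0, $severity, $file, $line);
});
try {
    hashWithTypo($post);
} catch (ErrorException $e) {
    echo 'stopped before hashing: ', $e->getMessage(), PHP_EOL;
}

// 3) Corrected helper under the same settings.
var_dump(password_verify($post['password1'], hashChecked($post)));
try {
    hashChecked(['password1' => '   ']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

A row written by step 1 holds the hash of an empty string rather than of the submitted password, so any rows created while the typo was live should have their passwords reset.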
