I think that it is great that you came here to ask for help and I love that you've dived into exactly what you want to do.

You've created some variables, such as $Firstname, that are easier to read and type than $_POST. What you have to be careful of, though, is that nothing is guaranteed to exist in the $_POST array. Therefore, things like $_POST can be undefined. For that reason, you have to test that your desired values exist first.

```php
// Your original check (reconstructed: the extraction lost the first variable name and
// collapsed the && operators; $password2 is assumed to be the missing one)
if ($password2 && $password && $Email && $Firstname && $Lastname)
```

I believe here is where you wanted to test that the POST values exist. Unfortunately, this is too late, as an error would have already occurred above. You should consider starting your program in this fashion. In this example, we make sure that all of the POST values we want to use actually exist before we start using them. This example will not encounter any errors if POST values are missing.

```php
if (strcmp($password, $password2))
```

You have the right idea, but you do not actually need to use strcmp to compare two strings for equality in PHP. Instead, you may simply use the == operator. If you really wanted to use strcmp, we can learn from the documentation page that the function returns zero if the strings are equal.

```php
if (strcmp($password, $password2) == 0)
```

After you've made sure the passwords match, this is when you'd want to hash the password. Note that hashing is different than encryption: hashing is one-way, meaning that once the password is hashed you cannot take the hash code and get back the password; on the other hand, encryption can be reversed. Because we never-ever want bad guys to know what someone's password actually is, we should hash the password rather than encrypt it. Of course, the strength of a hash is only as good as the hashing algorithm, and there are many available. sha1 is decently strong and fine for you to use until you are more comfortable with programming.

You've connected to your database perfectly.

```php
$connect = mysql_connect("localhost", "root", "power1") or die("couldn't connect!");
mysql_select_db("members") or die("couldnt find db!");
```

However, there is a particular way in which you need to query the database.

```sql
INSERT INTO users (Firstname, Lastname, Email, password)
VALUES ($Firstname, $Lastname, $Email, $password, $password2)
```

This query needs to be given to the database by passing it as a string to the mysql_query function.

```php
// Escape every value before it goes into the SQL string
$sql_Firstname     = mysql_real_escape_string($Firstname);
$sql_Lastname      = mysql_real_escape_string($Lastname);
$sql_Email         = mysql_real_escape_string($Email);
$sql_password_hash = mysql_real_escape_string($password_hash);
// Only the escaped $sql_* copies are used to build the query
$sql = "INSERT INTO users (Firstname, Lastname, Email, password)"
     . " VALUES ('$sql_Firstname', '$sql_Lastname', '$sql_Email', '$sql_password_hash')";
mysql_query($sql);
```

First of all, I am storing $password_hash in the database instead of $password. This is what we want, as we never want bad guys to hack the database and figure out what people's passwords are.

Secondly, notice that I do not construct the SQL string by using $Firstname directly; instead, I only use $sql_Firstname, which is equivalent to $Firstname but has had special characters properly escaped - this is what the mysql_real_escape_string function does. This is vital for securing yourself against SQL injection attacks, which I recommend you do some reading on.

The rest of your program is done well; it is good for you to deliberately handle these possible error cases.
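The same registration flow as an added example, not code from the answer above: it keeps the answer's three points (check the POST fields exist, compare the passwords, store only a hash) but uses the current PHP APIs, since the mysql_* functions were removed in PHP 7. It assumes a PDO connection and a users(Firstname, Lastname, Email, password) table; the DSN and credentials are placeholders.

```php
<?php
// Added example (not the original answer's code). Assumes a users table with the
// columns Firstname, Lastname, Email, password and a PDO-capable MySQL driver.
declare(strict_types=1);

function validate_registration(array $post): ?array
{
    // 1. Check presence before use: reading a missing $_POST key is an error.
    foreach (['Firstname', 'Lastname', 'Email', 'password', 'password2'] as $field) {
        if (!isset($post[$field]) || $post[$field] === '') {
            return null;
        }
    }
    // 2. A plain equality comparison is all that is needed, not strcmp().
    if ($post['password'] !== $post['password2']) {
        return null;
    }
    return [
        'Firstname' => $post['Firstname'],
        'Lastname'  => $post['Lastname'],
        'Email'     => $post['Email'],
        // 3. One-way hash, never the plain password. password_hash() (bcrypt with a
        //    per-user salt) is the modern replacement for the sha1() suggested above.
        'password'  => password_hash($post['password'], PASSWORD_DEFAULT),
    ];
}

function insert_user(PDO $db, array $user): void
{
    // 4. Bound parameters replace mysql_real_escape_string(): the values travel
    //    separately from the SQL text, so they can never change the query's shape.
    $stmt = $db->prepare(
        'INSERT INTO users (Firstname, Lastname, Email, password)
         VALUES (:first, :last, :email, :hash)'
    );
    $stmt->execute([
        ':first' => $user['Firstname'],
        ':last'  => $user['Lastname'],
        ':email' => $user['Email'],
        ':hash'  => $user['password'],
    ]);
}

// Usage (placeholder DSN and credentials; use a dedicated low-privilege DB user, not root).
$db = new PDO('mysql:host=localhost;dbname=members', 'app_user', 'CHANGE_ME',
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$user = validate_registration($_POST);
if ($user === null) {
    http_response_code(400);
    exit('Missing fields or passwords do not match.');
}
insert_user($db, $user);
```

At login, compare the submitted password with password_verify($submitted, $storedHash) rather than re-hashing and comparing strings yourself.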