Hello I wish to input some data from a HTML form in my website into a SQL database. Here is my database so far.
Add a comment
|
1 Answer
You could easily just call the addNewUser() function passing the required parameters as:
addNewUser($connect,$username,$password,$dbtable);
A better usage example would be to first check that the form has been already submitted to prevent any direct access or empty records and PHP warnings by checking that form fields have been submitted, ie.
if(isset($_POST["username"]) && isset($_POST["password"]))
{
$username=$_POST['username'];
$password=$_POST["password"];
addNewUser($connect,$username,$password,$dbtable);
}
Other than that this seems to be a very basic example and also a bad practise on how to implement a new insert in the database so be sure not to use any of this in a production environment. IE:
- No input filtering.
- Trying to "imitate" an Auto Increment field for the user
- Vulnerable to SQL injection and even prone to fail by accident if say a user tries to register with a username or password that contains a quote
4 Comments
user2857301
Thanks man that was a lot of help. However the password in SQL is giving me the same number each time a new user is entered. Number is: 39903f56c9f53256168b74a629575fcb for some reason? EDIT: nvm worked it out.
Kypros
What exactly do you mean? Are you using the same password for each new user or a different one?
user2857301
Sorry just realized the password is probably being hashed I assume?
Kypros
Yes it first prepends the
$salt to the password, and then hashed using MD5 so using a password of 123 will first generate the string bookstore123 and generate the MD5 hash of that string which is the 39903f56c9f53256168b74a629575fcb string that you see in the database