PHP sql md5 signup

Question

I've created a php signup form. It works fine. But when I modified it for md5 password it isn't running. Also, what are the ways i can protect/modify it to remove SQL injection attacks.

      require_once("functions/validation_employee_signup.php");

if( isset($_POST['send']) && (!validateName($_POST['name']) || !validateEmail($_POST['email']) || !validatePasswords($_POST['pass1'], $_POST['pass2']) || !validateContact($_POST['contact']) || !validateAge($_POST['age'])) ):?>
            <div id="error">    
                <ul>
                    <? if(!validateName($_POST['name'])):?>
                        <li><strong>Invalid Name:</strong> We want names with more than 3 letters.</li>
                    <? endif?>
                    <? if(!validateEmail($_POST['email'])):?>
                        <li><strong>Invalid E-mail:</strong> Type a valid e-mail please.</li>
                    <? endif?>
                    <? if(!validatePasswords($_POST['pass1'], $_POST['pass2'])):?>
                        <li><strong>Passwords are invalid:</strong> Passwords doesnt match or are invalid!</li>
                    <? endif?>
                    <? if(!validateContact($_POST['contact'])):?>
                        <li><strong>Please enter a valid number.</strong></li>
                    <? endif?>
                    <? if(!validateAge($_POST['age'])):?>
                        <li><strong>Please enter a valid age</strong></li>
                    <? endif?>
                    </ul>
            </div>
        <?php elseif(isset($_POST['send'])):?>
            <div id="error" class="valid">
                <ul>
                <?php
                require_once('functions/connection.php'); 
                $query = "INSERT INTO employee (name, md5(password), email, contact, age, gender, location, skill, work) VALUES ";                           
                $query .= "('".$_POST['name']."', '".$_POST['pass1']."', '".$_POST['email']."','".$_POST['contact']."','".$_POST['age']."','".$_POST['gender']."','".$_POST['location']."','".$_POST['skill']."','".$_POST['work']."')";
                // run the query
                mysql_query($query);?>
                <li><strong>Congratulations!</strong> You have been successfully registered!</li>
                </ul>
            </div>
    <?php endif?>

md5(password_from_db) == md5(password_from_form) . did you md5 the passwords you are both gonna compare? — tomexsans, Jun 08 '12 at 05:18
$password = md5($_POST["pass1"]); and then insert, also dont trust user input, read about mysql_real_escape_string() function — Petro Popelyshko, Jun 08 '12 at 05:18
I have a separate file "functions.php". Using a function; I will be taking care of all these issues. — homer, Jun 08 '12 at 05:24
I've modified it as below, but it is storing the password as "md5(password)". — homer, Jun 08 '12 at 05:39
For protection from SQL Injection take a look at http://stackoverflow.com/q/60174/558094 — Vinayak Garg, Jun 08 '12 at 05:39

score 0 · Accepted Answer · answered Jun 08 '12 at 05:36

0

I think you are adding MD5 in the wrong place. It should be used on a string not a column name. So your values part should read something like:

$query .= "('".$_POST['name']."', MD5('".$_POST['pass1']."'), etc...

answered Jun 08 '12 at 05:36

px4n

416
2
6

It works!!!Thankyou. I wrote $query .= "('".$_POST['name']."', 'md5(".$_POST['pass1'].")'.. previously. Thanks. I learnt from the mistake. – homer Jun 08 '12 at 05:40
You're welcome :), if it answers your question, please don't forget to vote and/or accept. – px4n Jun 08 '12 at 05:41
I'm a new user here. Also a bit new to PHP, SQL. It says "Vote Up required 15 reputation". – homer Jun 08 '12 at 05:45
Now i'm having a problem in logging in. If i provide the password in normal text, it shows an error; and if i put the original MD5format it accepts. – homer Jun 08 '12 at 06:00
@Rinzler: Yes it is, but it was about md5 so posted it here only. Any help? – homer Jun 08 '12 at 06:47

PHP sql md5 signup

1 Answers1