Trying to save result from PHP function in MySQL

Question

I've created a simple customer signup form (signup.html) to capture 3 fields (email, subdomain and plan).

I also want to assign them a random password, I've lifted the code to generate this from this SO article (Generating a random password in php).

My PHP code (insert.php) is saving the form data fine into MySQL, but not the result from the randomPassword function, where it places "()" in the field instead of the randomly generated password I am hoping for.

I gather I'm not calling the result from the randomPassword() function properly. What am I doing wrong here?

SIGNUP.HTML

<form action="insert.php" method="post" class="inline-form">
  <div class="form-group">
    <label for="email">Your email address</label>
    <input type="email" name="email" class="form-control input-lg" id="email" placeholder="Enter email">
  </div><br><br>
          <label>Select your plan</label><br>
  <div class="radio">
     <label>
        <input type="radio" name="plan" id="plan" value="optionA" checked>
        Option A
    </label>
  </div><br>
  <div class="radio">
     <label>
        <input type="radio" name="plan" id="plan" value="optionB">
        Option B
     </label><br><br>
  </div>
  <div class="form-group">
    <label for="subdomain">Pick your subdomain
     </label>
     <input type="text" name ="subdomain" class="form-control input-lg" id="subdomain">
  </div>
  <br><br>
  <button type="submit" class="btn btn-teal" name="Sign Up">Sign me up!</button>
</form>

INSERT.PHP

<?php
$con=mysqli_connect("localhost","username","password","db_name");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

function randomPassword() {
    $alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
    $pass = array(); //remember to declare $pass as an array
    $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
    for ($i = 0; $i < 8; $i++) {
        $n = rand(0, $alphaLength);
        $pass[] = $alphabet[$n];
    }
    return implode($pass); //turn the array into a string
}

$sql="INSERT INTO accounts (email, plan, subdomain, password)
VALUES
('$_POST[email]','$_POST[plan]','$_POST[subdomain]','$randomPassword()')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "1 record added";

mysqli_close($con);
?>

Answer 1

It doesn't look like you assign a variable to contain the password at all. Functions don't just execute on their own. Use the following:

$myPass=randomPassword();

$sql="INSERT INTO accounts (email, plan, subdomain, password)
VALUES
('$_POST[email]','$_POST[plan]','$_POST[subdomain]','$myPass')";

A function on it's own is just sitting there WAITING to be executed, but doesn't fire off on it's own. In this case, the function returns a value (the password it makes). To actually get it, you write code like $myPass=randomPassword(); which then executes the function and the value is passed into the variable.

As you don't appear to be a veteran, I will expand some more. If you aren't sure why to have a function rather than just execute the code in the first place, a function can be used over and over. Lets say I did the following:

$myPass1=randomPassword();
$myPass2=randomPassword();

With that one function I now have two totally different passwords stored in the variables. You can do all sorts of other fancy things, but think of a function as a snippet of code that is to be re-used within your code, hopefully on a number of occasions - without the need to have it written many times.

Answer 2

Perhaps this would work

$sql="INSERT INTO accounts (email, plan, subdomain, password)
VALUES ('$_POST[email]','$_POST[plan]','$_POST[subdomain]','randomPassword()')";