-3

I am trying to run a PHP page that should insert a username and password into my MSSQL table "users". When I run the page the only thing that appears is the errors:

Warning: mssql_query() [function.mssql-query]: message: 'md5' is not a recognized built-in function name. (severity 15) in D:\Hostins0\html\insertadminaccount.php on line 10

Warning: mssql_query() [function.mssql-query]: Query failed in D:\Hostinstml\insertadminaccount.php on line 10
'md5' is not a recognized built-in function name.

Here is my full PHP page code:

<?php
$conn=mssql_connect('sm','Gaer','Ra1!');
mssql_select_db('Gser',$conn);
if(! $conn )
{
  die('Could not connect: ' . mssql_get_last_message());
}
   $sqla = "INSERT INTO users (username, password)
VALUES ('rob_dewar01', " . md5 ('KingDozer') . ")";
mssql_query($sqla, $conn) or die(mssql_get_last_message());

if (!mssql_query) {
    // The query has failed, print a nice error message
    // using mssql_get_last_message()
    die('MSSQL error: ' . mssql_get_last_message());
}

mssql_close($conn);
?>

Thank you for any help. All help is appreciated.

Kelsey
  • 913
  • 3
  • 19
  • 41
  • 1
    The error message (`'md5' is not a recognized built-in function name`) tells you *exactly* what the problem is. What are you really asking about here? – Sverri M. Olsen Feb 14 '14 at 20:27
  • 1
    Did you even TRY reading the error message? This has NOTHING to do with PHP. You're generating invalid sql, e.g. there is **NO** md5() function in MSSQL. – Marc B Feb 14 '14 at 20:27
  • Reading is not good! Make a SO question instead! – u_mulder Feb 14 '14 at 20:29

1 Answers1

3

MSSQL doesn't have a direct md5 function (you can convert it as demonstrated here). You need to use it through PHP like so:

$sqla = "INSERT INTO users (username, password)
VALUES ('rob_dewar01', '" . md5('KingDozer') . "')";

Also, md5 is not secure. Look into using prepared statements.

See the Secure hash and salt for PHP passwords question for more information about hashing passwords in PHP.

Community
  • 1
  • 1
Kermit
  • 33,827
  • 13
  • 85
  • 121
  • +1 for linking that md5 is not the way to go. – Zane Feb 14 '14 at 20:30
  • I tried that, and I now get the errors `Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near 'b1a1953c219343f3313f0feae9abbe8'. (severity 15) in D:\Hostinga0\html\insertadminaccount.php on line 10 Warning: mssql_query() [function.mssql-query]: Query failed in D:\Hosting\ahtml\insertadminaccount.php on line 10 Incorrect syntax near 'b1a1953c219343f3313f0feae9abbe8'.` – Kelsey Feb 14 '14 at 20:31
  • 1
    add quotes around `. md5('KingDozer')` – u_mulder Feb 14 '14 at 20:34
  • Edited the code in my question to what I currently have on my PHP page. I do have the quotes around `. md5('KingDozer')` and it is reading the errors I commented above. – Kelsey Feb 14 '14 at 20:38
  • @Michael See my edit with the single quotes. If you were using prepared statements you wouldn't have this mess. – Kermit Feb 14 '14 at 20:40
  • Thank you @FreshPrinceOfSO. The code works now. – Kelsey Feb 14 '14 at 21:01