
I am trying to insert data into a MySQL database; this is an email registration with verification. The unique random number is not inserting into the database table. Please help me. Thanks a bunch.

```php
else {
    $user_confirm = md5(uniqid(rand()));
    echo "$user_confirm";
    //the form has been posted without, so save it
    //notice the use of mysql_real_escape_string, keep everything safe!
    //also notice the sha1 function which hashes the password
    $sql = "INSERT INTO users(
                   user_name, 
                   user_pass, 
                   user_email,
                   user_date,
                   user_level,
                   user_confirm
            )
            VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
                   '" . sha1($_POST['user_pass']) . "',
                   '" . mysql_real_escape_string($_POST['user_email']) . "',
                   NOW(),
                   0, 
                  '$user_confirm'
            )";

    $email = $_POST["user_email"];  
    $result = mysql_query($sql);
```

Danila Ganchar
  • What is the column type for `user_confirm`, as well as the length on the column. – Ohgodwhy Nov 30 '15 at 18:15
  • as a sidenote, you aren't hashing your passwords into db. [Here it Is](http://stackoverflow.com/a/33665819) for `mysqli` or `pdo`. As a perk, you might find the parameter passing a little less arcane and error prone than the way you are doing it with a deprecated library `mysql_*` – Drew Nov 30 '15 at 18:18
  • How about some error checking such as `mysql_error()` - makes it much easier to work out what is wrong and how to fix. – Tristan Nov 30 '15 at 18:19
  • user_confirm is INT(11). – Indian knight Nov 30 '15 at 18:57
  • I am using sha1 Drew, and In my database I can see the password is hashed. – Indian knight Nov 30 '15 at 18:58
  • ok lemme check mysql_error() Tristan – Indian knight Nov 30 '15 at 18:59
  • every other information is storing but I am unable to insert this random number. – Indian knight Nov 30 '15 at 19:10
  • The `INT(11)` is not large enough and is the wrong type of field to store your SHA1 ***string***. Check your error logs. You really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Nov 30 '15 at 19:15
  • Same thing with `$user_confirm`, it is a ***string*** (like beba256f79e888013bb34e5a774fe7f9), not an ***INT***. – Jay Blanchard Nov 30 '15 at 19:21

2 Answers


You have two issues: `$user_confirm` is a string (I generated beba256f79e888013bb34e5a774fe7f9 with your code) and you're trying to store it in a column that is designated for integers (`INT(11)`).

Hashed strings should be stored in `TEXT` fields to allow for the size of the strings generated by `md5()` and `sha1()`.

Second, you really shouldn't use MD5 password hashes and you really should use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` compatibility pack.


Your script is at risk for SQL Injection Attacks.

If you can, you should stop using `mysql_*` functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy.

Community
Jay Blanchard

The MySQL `md5` function returns a string of 32 hex digits, or NULL if the argument was NULL. Use `varchar(32)` instead of `int(11)` for the field.

Refer to the MySQL documentation for more info.

Also, ensure that you are adding quotes to string fields correctly.

cyber.sh
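
The changes recommended in both answers, combined in an added example (not code from the question or from either answer): a string column for the confirmation token, a PDO prepared statement, and `password_hash()`. It assumes PHP 7+ with the `pdo_sqlite` extension and uses in-memory SQLite in place of MySQL so that it runs offline; `register_user()` and the sample values are hypothetical, and the token comes from `random_bytes()` rather than the question's `md5(uniqid(rand()))`, a substitution made here.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for MySQL
// so the script runs offline; against MySQL only the DSN would change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors

// user_confirm is a fixed-width string column, not INT(11).
// user_pass is wide enough for password_hash() output.
$pdo->exec("CREATE TABLE users (
    user_name    VARCHAR(30)  NOT NULL,
    user_pass    VARCHAR(255) NOT NULL,
    user_email   VARCHAR(255) NOT NULL,
    user_date    DATETIME     NOT NULL,
    user_level   INT          NOT NULL,
    user_confirm CHAR(32)     NOT NULL
)");

function register_user(PDO $pdo, array $post): string
{
    // 16 bytes from the OS CSPRNG -> 32 hex characters (PHP 7+).
    $token = bin2hex(random_bytes(16));
    $stmt = $pdo->prepare(
        "INSERT INTO users (user_name, user_pass, user_email, user_date, user_level, user_confirm)
         VALUES (:name, :pass, :email, CURRENT_TIMESTAMP, 0, :confirm)"
    );
    // Values travel separately from the SQL text, so no manual quoting or escaping.
    $stmt->execute([
        ':name'    => $post['user_name'],
        ':pass'    => password_hash($post['user_pass'], PASSWORD_DEFAULT),
        ':email'   => $post['user_email'],
        ':confirm' => $token,
    ]);
    return $token;
}

// Constructed sample input; the apostrophe is stored as data, not parsed as SQL.
$post = ['user_name' => "O'Brien", 'user_pass' => 'correct horse', 'user_email' => 'ob@example.test'];
$token = register_user($pdo, $post);

$stmt = $pdo->prepare("SELECT user_name, user_pass, user_confirm FROM users WHERE user_email = ?");
$stmt->execute([$post['user_email']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

var_dump($row['user_name'] === $post['user_name']);             // name stored verbatim
var_dump(hash_equals($token, $row['user_confirm']));            // token stored intact
var_dump(strlen($row['user_confirm']) === 32);                  // fits CHAR(32)
var_dump(password_verify($post['user_pass'], $row['user_pass'])); // hash verifies
```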