
Need some guidance on how to encrypt a new password that has been entered by a user in their profile page.

My PHP for updating the profile page is currently this:

```php
<?php

session_start();

include("connection.php");

$name = $_POST['name'];
$email = $_POST['email'];
$DOB = $_POST['DOB'];
$country = $_POST['country'];
$password = $_POST['password'];

$query = "UPDATE users SET name = '".$name."', email = '".$email."', DOB = '".$DOB."', country = '".$country."', password = '".$password."' WHERE id='".$_SESSION['id']."'";

$result = mysqli_query($link, $query);

header('Location: profile.php');

?>
```

I used md5 twice for the login but not sure how to implement it here. I'm pretty new to PHP and SQL so I apologize in advance if this is obvious to some folks.

Your help would be greatly appreciated. Thank you.

Termininja
will
  • 3
    SQL Injection vulnerabilities. OWASP Project is good starting point. [https://www.owasp.org/index.php/SQL_Injection](https://www.owasp.org/index.php/SQL_Injection) – spencer7593 Mar 26 '16 at 03:59
  • Use `$password = md5($_POST['password']);` – Nana Partykar Mar 26 '16 at 05:24
  • @will - What is the URL for this web site and does it have any interesting stuff on it? I would like a butchers and by this script anybody can have a look – Ed Heal Mar 26 '16 at 07:46
  • 3
    Using MD5 is nearly as secure as plain text. Use a secure hashing algorithm like Blowfish. [How do you use bcrypt for hashing passwords in PHP?](http://stackoverflow.com/q/4795385/199048) – Christian Strempfer Mar 26 '16 at 07:48
  • @EdHeal yes thank you Ed, hence my post, I want to protect it. I'm a complete novice to all this php/sql arena. I know to someone like yourself it seems stupid what I have done but if you have any guidance on how I can make it better I would very much appreciate it. – will Mar 26 '16 at 14:44

0 Answers
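As an added example (not part of the original question or its comments, and not the asker's code): the profile update from the question rewritten with mysqli prepared statements and `password_hash()`, which currently defaults to bcrypt, the approach the linked bcrypt question covers. It assumes `connection.php` provides `$link` as in the question, a `VARCHAR(255)` password column, and login by email; the names `update_profile`, `check_login` and `login.php` are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumes connection.php sets the mysqli
// handle $link (as on the page) and that users.password is VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
session_start();
include("connection.php");

// Profile update with bound parameters; the password is stored only as a
// salted password_hash() value, and only when the field was filled in.
function update_profile(mysqli $link, int $id, array $in): void
{
    $name    = (string)($in['name'] ?? '');
    $email   = (string)($in['email'] ?? '');
    $dob     = (string)($in['DOB'] ?? '');
    $country = (string)($in['country'] ?? '');
    $stmt = $link->prepare("UPDATE users SET name=?, email=?, DOB=?, country=? WHERE id=?");
    $stmt->bind_param("ssssi", $name, $email, $dob, $country, $id);
    $stmt->execute();
    $password = (string)($in['password'] ?? '');
    if ($password !== '') {                 // assumption: blank means "keep current"
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $link->prepare("UPDATE users SET password = ? WHERE id = ?");
        $stmt->bind_param("si", $hash, $id);
        $stmt->execute();
    }
}

// Login-side check (hypothetical helper for the login script): password_verify()
// replaces comparing md5() strings, since each hash carries its own salt and cost.
function check_login(mysqli $link, string $email, string $password): ?int
{
    $stmt = $link->prepare("SELECT id, password FROM users WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();                // true when a row was fetched
    $stmt->close();
    return ($found && password_verify($password, $hash)) ? (int)$id : null;
}

if (!isset($_SESSION['id'])) {              // no session, nothing to update
    header('Location: login.php');          // hypothetical login page
    exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    update_profile($link, (int)$_SESSION['id'], $_POST);
}
header('Location: profile.php');
exit;                                       // stop executing after the redirect
```

Hashes already stored as md5 will not pass `password_verify()`, so those accounts need a password reset or a rehash at their next successful login.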