0

MySQL is not inserting the correct username and password in the database. The php code is:

<?php
    $username = $_POST["email"];
    $password = $_POST["password"];
    require 'database.php';

    $myquery = "INSERT INTO verify (`username`, `password`) VALUES ('$username','$password')";
    $query = mysql_query($myquery);

    if (!$query) {
        echo mysql_error();
        die;
    }
?>

I checked the database.php, it is absolutely fine. It is showing username and password as pranav even though the values are different.

Thanks in advance.

Pranav Kumar
  • 104
  • 1
  • 16
  • Is `database.php` reassigning `$username` and `$password`? Put the declarations after the require if so. Also, don't store password in plain text, stop using mysql_* functions as they are deprecated and removed in PHP7, finally, look at PDO or mysqli instead and use prepared statements. – Jonnix May 05 '16 at 14:32
  • 2
    Consider moving to mysqli/PDO instead of using mysql_ functions, which are deprecated, and were removed in php7. – Dan Costinel May 05 '16 at 14:33
  • show us your `database.php` file content. – mitkosoft May 05 '16 at 14:34
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 05 '16 at 15:41
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard May 05 '16 at 15:41
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 05 '16 at 15:42
  • Also check how to use filter_input to make your scripts more secure when processing external variables (POST, GET etc.). – Lexib0y May 19 '16 at 10:10

2 Answers2

1

Try to re-order you code, maybe some vars are overwritting his values:

<?php
    require 'database.php';
    $username = $_POST["email"];
    $password = $_POST["password"];

    $myquery = "INSERT INTO verify (`username`, `password`) VALUES ('$username','$password')";
    $query = mysql_query($myquery);

    if (!$query) {
        echo mysql_error();
        die;
    }
?>
Grommy
  • 367
  • 1
  • 8
0

I found out what the error was . It was happening because the database.php was coded like this.

PHP:

   <?php
         $username="pranav";
         $password="pranav";
         $host="localhost";
         $database="requester";

              $server = mysql_connect($host, $username, $password);
              $connection = mysql_select_db ($database, $server);

              $table='verify'
   ?>

The username and password was getting rewritten. Thanks Grommy

Pranav Kumar
  • 104
  • 1
  • 16