Database insert not working (MySQL, PHP)

Question

I have this PHP that basically is being used for inserting an email and password into an SQL database:

<?php  
error_reporting(E_ALL ^ E_STRICT);
require "database.php";
$message = '';

  if (!empty($_POST["email"]) &&!empty($_POST["password"])):
  //Enter the new user in the database
    $sql = "INSERT INTO users (email, password) VALUES (:email, :password)";
    $stmt = $conn->prepare($sql);

    $stmt->bindParam(":email", $_POST['email']);
    $stmt->bindParam(":password", password_hash($_POST['password'], PASSWORD_BCRYPT));

    if ($stmt->execute() ):

      $message = 'Successfully created a new user';
    else:
      $message = 'Sorry there must have been an issue whilst registering';
    endif;

  endif;
?>

Here is the form:

<div class="jumbotron" id="jumbotron-6">
  <div class="container text-center">
  <?php if (!empty($message)):
  ?>
  <h3 id="h3message"><?= $message ?> </h3>
<?php endif; ?>
     <form action="signup.php" method="POST">
      <input type="text" placeholder="enter your email" name="email"> 
        <input type="password" placeholder="and password" name="password">
          <input type="password" placeholder="confirm password" name="confirm_password">
        <input type="submit">
    </form> 
  </div>
</div>

It doesn't insert into the database (all the fields, variables are correct i think - just email and password) and it comes back with the error message that I created that says 'Sorry there must have been an issue whilst registering'

Here is the database.php file

<?php 

$server =  'localhost';
$username = "root";
$password = "";
$database = "auth";

try{
  $conn = new PDO ("mysql:host={$server};dbname={$database};" , $username, $password);
} 
catch (PDOException $e) {
  die ( "Connection failed; " . $e->getMessage());
} 

?>

Please, check [PDO::errorInfo](http://php.net/manual/en/pdo.errorinfo.php). You might want to [get PDO to provide the errors](http://stackoverflow.com/questions/3726505/how-to-squeeze-error-message-out-of-pdo) — FirstOne, Jul 16 '16 at 19:19
Your code works on my setup as it is (i only need to change the mysql credentials). Are you absolutely sure that your root user does not have a password? — Ayo Makanjuola, Jul 16 '16 at 19:24
Sidenote: you aren't using the `confirm_password` field server-side. — FirstOne, Jul 16 '16 at 19:24
I haven't set up the confirm_password just yet, trying to get this to work first — EllisJ98, Jul 16 '16 at 19:32
Add the following var_dump($stmt->errorInfo()); just before $message = 'Sorry...'; and share what the error message was — Ayo Makanjuola, Jul 16 '16 at 19:32
1 => int 1366 2 => string 'Incorrect integer value: '$2y$10$sQnVR0FK0uSGLypUq95GrOrFWQYrd3rlSbsNiQgo2cOmDCd/jKvaO' for column 'password' at row 1' (length=118) — EllisJ98, Jul 16 '16 at 19:40
You password column in the database, change it to VARCHAR 255 and try again. It seems that its currently set as an integer and can only take numbers — Ayo Makanjuola, Jul 16 '16 at 19:48
yes i do still get the error, and here https://gyazo.com/e869d63986d4e64d07fddc0e12c3fb66 — EllisJ98, Jul 16 '16 at 21:07
Until you change the password field from int(200) to varchar(255) you will not be able to store the password into the database. The table structure you shared indicates that the password field is an int field. — Anya Shenanigans, Jul 16 '16 at 22:29

score 0 · Answer 1 · answered Jul 16 '16 at 19:24

0

Hash the password before you bind it:

$UserPWHash = password_hash($_POST['password'], PASSWORD_BCRYPT);

$stmt->bindParam(":password", $UserPWHash));

answered Jul 16 '16 at 19:24

ioMatrix

603
5
6

I changed it to: $UserPWHash = password_hash($_POST['password'], PASSWORD_BCRYPT); $stmt->bindParam(":email", $_POST['email']); $stmt->bindParam(":password", $UserPWHash)); but still doesn't work – EllisJ98 Jul 16 '16 at 19:29
Not hashing the password initially did not prevent the entry from saving. It raised a notice, but it didn't prevent inserting the record. – Ayo Makanjuola Jul 16 '16 at 19:29

Database insert not working (MySQL, PHP)

1 Answers1