Good day. I would like to ask what's wrong with my code. It already worked in a website that we made with my mate, but when I run "register.php", I cannot insert data into my table named 'accounts'. Thanks in advance. Here is the code:

connect.php

```php
<?php
//Callback function for connecting the website to the accounts database.
$connect = mysqli_connect('localhost', 'root', '');
if (!$connect) {
    // No connection object exists when connecting fails, so the error text
    // comes from mysqli_connect_error() rather than mysqli_error($connect).
    die("Database Connection Failed" . mysqli_connect_error());
}
//Selects the database
$select_database = mysqli_select_db($connect, 'users');
if (!$select_database) {
    die("Database Selection Failed" . mysqli_error($connect));
}
```

register.php

```php
<?php
session_start();
require('connect.php');
//If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['pass'])) {
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['pass'];
    $passwordauth = $_POST['passwordauth'];
    if ($password == $passwordauth) {
        // hash function creates an encrypted code from the $password for security considerations
        $password = hash('sha256', $password);
        $query = "INSERT INTO accounts (username, password, email) VALUES
               ('$username', '$password', '$email')";
        $result = mysqli_query($connect, $query);
        if ($result) {
            $msg = "User Created Successfully.";
        } else {
            $msg = "User Registration Failed";
        }
    } else {
        $msg = "Password does not match.";
    }
}
```
Thamilhan
Ernie
  • 3
    For the sake of everybody who's trying to shut down cybercriminal activity, please read this before you try to dream up your own password schemes. http://php.net/manual/en/faq.passwords.php People who create their own password schemes are like people who serve as their own lawyers in court: they both have fools for clients. – O. Jones Dec 14 '16 at 16:57
  • 2
    ***You shouldn't use [SHA1 password hashes](https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1)*** or ***[MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Dec 14 '16 at 17:49
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Dec 14 '16 at 17:49
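
The changes the comments above recommend (a MySQLi prepared statement and PHP's built-in `password_hash()`), applied to `register.php` as an added example that is not part of the original question or comments. It assumes `connect.php` from the question provides `$connect` and that `accounts.password` is wide enough for the hash (`VARCHAR(255)`); `register_user` is a hypothetical helper name.

```php
<?php
// Added example: register.php with a prepared statement and password_hash().
// Assumptions: connect.php (from the question) defines $connect, and the
// accounts.password column is VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
session_start();
require 'connect.php';

/**
 * Hypothetical helper: checks the form values, hashes the password and
 * inserts the row. Returns the message to show on the page.
 */
function register_user(mysqli $db, array $post): string
{
    $username = trim((string)($post['username'] ?? ''));
    $email    = trim((string)($post['email'] ?? ''));
    $password = (string)($post['pass'] ?? '');
    $confirm  = (string)($post['passwordauth'] ?? '');

    if ($username === '' || $password === '') {
        return 'Username and password are required.';
    }
    if (!hash_equals($password, $confirm)) {
        return 'Password does not match.';
    }

    // Salted, deliberately slow hash. The password is passed in unmodified:
    // no escaping or cleansing before hashing.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    try {
        // Placeholders keep the submitted values out of the SQL text.
        $stmt = $db->prepare(
            'INSERT INTO accounts (username, password, email) VALUES (?, ?, ?)'
        );
        $stmt->bind_param('sss', $username, $hash, $email);
        $stmt->execute();
        return 'User Created Successfully.';
    } catch (mysqli_sql_exception $e) {
        // The real reason for a failed insert goes to the server log only.
        error_log('register.php: ' . $e->getMessage());
        return 'User Registration Failed';
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $msg = register_user($connect, $_POST);
}
```

At login, compare the submitted password to the stored value with `password_verify()`. Rows that already hold a `sha256` hex digest will not verify that way and need a password reset or a rehash at next login.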

0 Answers