insert - MySQL query runs without error but does not populate database -


evening folks,

having of "looked @ long moments".

this code when run return success message nothing gets entered database table, no errors being thrown up, know correct values being received _post can't see what's wrong, have identical query on page , works fine.

can see issues code?

if (isset($_post['username']) && $_post['username'] !== '') {      $salted = md5($_post['pass1'] . 'salt');    try   {     $sql = 'insert users set        username = :username,       firstname = :firstname,       lastname = :lastname,       email = :email,       password = $salted,       joined = curdate()';     $s = $pdo->prepare($sql);     $s -> bindvalue(':username', $_post['username']);     $s -> bindvalue(':firstname', $_post['firstname']);     $s -> bindvalue(':lastname', $_post['lastname']);     $s -> bindvalue(':email', $_post['email']);     $s -> execute();    }   catch (pdoexception $e)   {     $error = 'error adding submitted user.';     echo $error;     exit();   }    ?> <div class="alert alert-success">user added database.</div> <?php  }

summarizing comments here, sake of having answer. marked community wiki.

  • a string in insert statement should quoted.

      password = '$salted',

  • you should use parameter anyway.

      password = :password,    . . .    $s -> bindvalue(':password', $salted);

  • md5 isn't preferred hashing function modern strong password storage. neither sha1.
    try use sha256 or bcrypt instead.

    $salted = hash('sha256', $_post['pass1'] . 'salt');

  • salting better if use random salt string per user.

  • make sure pdo instance configured throw exceptions.

    $pdo->setattribute(pdo::attr_errmode, pdo::errmode_exception);

  • always capture pdo exception's error message, if don't output users.

    error_log($e->getmessage());

Comments

Post a Comment

Popular posts from this blog

java.util.scanner - How to read and add only numbers to array from a text file -

i'm learning java , have question regarding reading file want read numbers file contains strings well. here example of file: 66.56 "3 java 3-43 5-42 2.1 1 and here coding: public class test { public static void main (string [] args){ if (0 < args.length) { file x = new file(args[0]); try{ scanner in = new scanner( new fileinputstream(x)); arraylist<double> test = new arraylist<>(); while(in.hasnext()){ if(in.hasnextdouble()){ double f=in.nextdouble(); test.add(f);} else {in.next();} } catch(ioexception e) { system.err.println("exception during reading: " + e); } } my problem add 66.56,2.1 , 1 doesn't add 3 after "3 or ignores 3-43 , 5-42 can tell me how skip strings , add doubles here? thanks all said 3 ie; "3, 3-43 , 4-42 strings either u read string , split , check number @ " , - or put in space between characters , integers. jvm after compilation tre...
Read more

rewrite - Trouble with Wordpress multiple custom querystrings -

i'm working on adding multiple querystring , doesn't seem work. i've found codes seems work others might i'm missing something. i want like: http://mydomain.com/board/?getyear=2013&getsometext2=sometext to http://mydomain.com/board/2013/sometext/ i added code below functions.php file. doesn't seem work should though. this works. echoing querystring gets both variable without problem. http://mydomain.com/board/2013/sometext/ but doesn't. tested querystring vis isset() seems nothing being set/get http://mydomain.com/board/2013/ function add_query_vars($vars) { $vars[] = "getyear"; $vars[] = "getsometext2"; return $vars; } add_filter('query_vars', 'add_query_vars'); function add_rewrite_rules($arules) { $anewrules = array('board/([^/]+)/([^/]+)/?$' => 'index.php?pagename=board&getyear=$matches[1]&getsometext2=$matches[2]'); $arules = $a...
Read more