Davam Davam - 2 months ago 5
MySQL Question

How to insert in to table $_POST['password']_hash("astkhlo", PASSWORD_DEFAULT)

This is not working:-

$query= "INSERT INTO `members`(`name`,`email`,`password`) VALUES('".mysqli_real_escape_string($link,$_POST['name'])."','".mysqli_real_escape_string($link,$_POST['email'])."','".$_POST['password']_hash("astkhlo",PASSWORD_DEFAULT)."')";


I am using xampp. It says


Parse error: syntax error, unexpected '_hash' (T_STRING)

Answer

Need to do something like below (a better approach):-

$name = mysqli_real_escape_string($link,$_POST['name']);
$email = mysqli_real_escape_string($link,$_POST['email']);
$password = password_hash($_POST['password'],PASSWORD_DEFAULT);

$query= "INSERT INTO members(name,email,password)  VALUES('".$name."','".$email."','".$password."')";

Note:-

Your script is still vulnerable to SQL Injection.

Try to Learn prepared statements to prevent from SQL Injection. Thanks

Comments