Davam Davam - 1 year ago 53
MySQL Question

How to insert in to table $_POST['password']_hash("astkhlo", PASSWORD_DEFAULT)

This is not working:-

$query= "INSERT INTO `members`(`name`,`email`,`password`) VALUES('".mysqli_real_escape_string($link,$_POST['name'])."','".mysqli_real_escape_string($link,$_POST['email'])."','".$_POST['password']_hash("astkhlo",PASSWORD_DEFAULT)."')";

I am using xampp. It says

Parse error: syntax error, unexpected '_hash' (T_STRING)

Answer Source

Need to do something like below (a better approach):-

$name = mysqli_real_escape_string($link,$_POST['name']);
$email = mysqli_real_escape_string($link,$_POST['email']);
$password = password_hash($_POST['password'],PASSWORD_DEFAULT);

$query= "INSERT INTO members(name,email,password)  VALUES('".$name."','".$email."','".$password."')";


Your script is still vulnerable to SQL Injection.

Try to Learn prepared statements to prevent from SQL Injection. Thanks

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download