I have a registration form where the input data is written into the database. The password 'pw' will be hashed with BCRYPT, this works correctly with this code:
$pwHash = pw_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
Problem:
When I want to update the data it will not work. The code below writes the data without encryption into the database.
How can I make the password encrypted?
Can anyone help me out here?
<?php include_once 'dbcon.php'; $id = $_POST['id']; $fn = $_POST['fn']; $ln = $_POST['ln']; $em = $_POST['em']; $hid = $_POST['hid']; $tn = $_POST['tn']; $us = $_POST['us']; $pw = $_POST['pw']; $ul = $_POST['ul']; $chk = $_POST['chk']; $chkcount = count($id); for($i=0; $i<$chkcount; $i++) $pwHash = pw_hash($pw, PASSWORD_BCRYPT, array('cost' => 10)); { $MySQLiconn->query("UPDATE user SET FName='$fn[$i]', LName='$ln[$i]', Email='$em[$i]', HerbalifeID='$hid[$i]', TelNr='$tn[$i]', UplineS='$us[$i]', Password='$pwHash[$i]', UserLevel='$ul[$i]' WHERE UserID=".$id[$i]); } header("Location: indexAdmin.php"); ?>
I guess the fix should be the following
<?php
include_once 'dbcon.php';
$id = $_POST['id'];
$fn = $_POST['fn'];
$ln = $_POST['ln'];
$em = $_POST['em'];
$hid = $_POST['hid'];
$tn = $_POST['tn'];
$us = $_POST['us'];
$pw = $_POST['pw'];
$ul = $_POST['ul'];
$chk = $_POST['chk'];
$chkcount = count($id);
for ($i = 0; $i < $chkcount; $i++) {
$pwHash = password_hash($pw[$i], PASSWORD_BCRYPT, array('cost' => 10));
$MySQLiconn->query("UPDATE user SET FName='$fn[$i]', LName='$ln[$i]', Email='$em[$i]', HerbalifeID='$hid[$i]', TelNr='$tn[$i]', UplineS='$us[$i]', Password='$pwHash', UserLevel='$ul[$i]' WHERE UserID=".$id[$i]);
}
header("Location: indexAdmin.php");
The changes are
pwHash
variable and update table inside the same loop. $pw[$i]
as other variables like $id
and $fn
- they all appears to be arrays. $pwHash
is not an array, access it like a scalar variable. password_hash
function - update based on comment by Paul Crovella There are several issues related with the code. And primary one I believe is the fact that the code is opened to SQL injection attack .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.