rightone Posted November 17, 2010 Share Posted November 17, 2010 Hi, I'm trying to add encryption to a signup for a college assignment, but find that after adding the sha1 and salt encryption the code does not work. The code worked before adding the encryption. Since adding the encryption I've also adding the corresponding fields for username and password into the sql database and double checked, and triple checked all the php, html form and MySQL tables and fields, but don't see any thing wrong. Can anybody else see any immediate problems with the code snippet below? If so, can you please let me know? session_start(); $salt = 'The sky is blue and all the trees are green'; $data = array_map('mysql_escape_string', $_POST); $password = sha1($data['password'].$salt); $query = " INSERT INTO customers ( first_name, last_name, address, mobile, email, username, password ) VALUES ( '{$data['first_name']}', '{$data['last_name']}', '{$data['address']}', '{$data['mobile']}', '{$data['email']}' '{$data['username']}', '$password' ) "; if(mysql_query($query)) { echo 'Your login details have been saved.'; } else { echo 'Your login details have not been saved.<br>'; echo 'Please try again later.'; } Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/ Share on other sites More sharing options...
Adam Posted November 17, 2010 Share Posted November 17, 2010 What output do you see? Have you tried checking for errors with mysql_error ? Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135454 Share on other sites More sharing options...
revraz Posted November 17, 2010 Share Posted November 17, 2010 In your database, is your field length set correctly to store the entire password? Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135457 Share on other sites More sharing options...
rightone Posted November 17, 2010 Author Share Posted November 17, 2010 What output do you see? Have you tried checking for errors with mysql_error ? Hi MrAdam, Thanks for replying. I've just tried the echo mysql_error() that you suggested, and it says: "Column count doesn't match value count at row 1 " But my tables have the exact same fields used on the submit form, I mean, unless I'm going blind, they correspond exactly. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135471 Share on other sites More sharing options...
Pikachu2000 Posted November 17, 2010 Share Posted November 17, 2010 Count the number of fields you list in the INSERT query you're currently using, versus the number of values you're trying to insert. You should find that the numbers are different. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135473 Share on other sites More sharing options...
rightone Posted November 17, 2010 Author Share Posted November 17, 2010 In your database, is your field length set correctly to store the entire password? Hi revraz, Thank you for the reply. This is what I've got in the database, the field length is set to char(40) for password? Field Type Collation Attributes Null Default Extra Action id mediumint(4) No None AUTO_INCREMENT first_name varchar(255) latin1_swedish_ci No None last_name varchar(255) latin1_swedish_ci No None address varchar(255) latin1_swedish_ci No None mobile varchar(255) latin1_swedish_ci No None email varchar(255) latin1_swedish_ci No None username char(30) latin1_swedish_ci No None password char(40) latin1_swedish_ci No None Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135477 Share on other sites More sharing options...
rightone Posted November 17, 2010 Author Share Posted November 17, 2010 Count the number of fields you list in the INSERT query you're currently using, versus the number of values you're trying to insert. You should find that the numbers are different. Hi Pikachu2000, The INSERT query, the number of values, and the number of feilds in the tables (copy of code snippets and table above) are all the exact same seven below: first_name last_name address mobile email username password Thanks for you help though. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135484 Share on other sites More sharing options...
Pikachu2000 Posted November 17, 2010 Share Posted November 17, 2010 Post the current query string. Those errors don't just generate for no reason. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135485 Share on other sites More sharing options...
PFMaBiSmAd Posted November 17, 2010 Share Posted November 17, 2010 ^^^ I recommend the same, echo your $query string to see exactly what it is. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135487 Share on other sites More sharing options...
PFMaBiSmAd Posted November 17, 2010 Share Posted November 17, 2010 Also, you are using 'mysql_escape_string' in the array_map() function. You should be using mysql_real_escape_string Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135488 Share on other sites More sharing options...
Adam Posted November 17, 2010 Share Posted November 17, 2010 You're missing a comma after '{$data['email']}'.. Field Type Collation Attributes Null Default Extra Action id mediumint(4) No None AUTO_INCREMENT first_name varchar(255) latin1_swedish_ci No None last_name varchar(255) latin1_swedish_ci No None address varchar(255) latin1_swedish_ci No None mobile varchar(255) latin1_swedish_ci No None email varchar(255) latin1_swedish_ci No None username char(30) latin1_swedish_ci No None password char(40) latin1_swedish_ci No None Slightly off-topic, is there a specific reason you're using char over varchar for `username`? char data types pad the data to the specific field length with spaces.. So unless this is purposefully done, using varchar is better for memory. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135489 Share on other sites More sharing options...
rightone Posted November 17, 2010 Author Share Posted November 17, 2010 Hi Pikachu2000 and PFMaBiSmAd, I've been studying php and mysql for four hours a week over the past five months, but don't know exactly how to do what you guys suggest with the query string. Could either of you ellaborate and/or give me the specific code needed to echo a $query string? This may be easy for you guys, but at this stage in my IT studies, it's still a bit confusing. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135526 Share on other sites More sharing options...
rightone Posted November 17, 2010 Author Share Posted November 17, 2010 Also, you are using 'mysql_escape_string' in the array_map() function. You should be using mysql_real_escape_string Thank you PFMaBiSmAd, I've updated that bit of code. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135529 Share on other sites More sharing options...
Pikachu2000 Posted November 17, 2010 Share Posted November 17, 2010 Since you already have the query string stored in the $query variable, you simply echo it like any other variable. For development, you may want to have it echo along with any error returned by MySQL if a query fails. On a live, production site, you don't want to send that type of output to the screen. Log it to the error log file, and display a generic error (if anything) to the user. $query = "SELECT `whatever` FROM `table`; if( $result = mysql_query($query) ) { // query ran } else { // query failed so: echo "<br>Query: $query<br>Produced error: " . mysql_error() . '<br>'; } Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135535 Share on other sites More sharing options...
rightone Posted November 17, 2010 Author Share Posted November 17, 2010 You're missing a comma after '{$data['email']}'.. Field Type Collation Attributes Null Default Extra Action id mediumint(4) No None AUTO_INCREMENT first_name varchar(255) latin1_swedish_ci No None last_name varchar(255) latin1_swedish_ci No None address varchar(255) latin1_swedish_ci No None mobile varchar(255) latin1_swedish_ci No None email varchar(255) latin1_swedish_ci No None username char(30) latin1_swedish_ci No None password char(40) latin1_swedish_ci No None Slightly off-topic, is there a specific reason you're using char over varchar for `username`? char data types pad the data to the specific field length with spaces.. So unless this is purposefully done, using varchar is better for memory. Thank you MrAdam, The missing comma after '{$data['email']}'.. was the problem! It seems you need to be smart, And have the eyes of an eagle to be really good at this stuff. As for the using char over varchar for `username`, that was what I was told to use by a diploma level IT sutudent. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135540 Share on other sites More sharing options...
Adam Posted November 17, 2010 Share Posted November 17, 2010 As for the using char over varchar for `username`, that was what I was told to use by a diploma level IT sutudent. Hmm well what I said is right, not sure what he was thinking there. Then again, just because he has an IT diploma doesn't necessarily mean he knows anything about databases. The only time the char type would prove better for memory in this situation, is if the username length was the full 30 characters. In which case a varchar would need to use an extra byte (so 31 in total) to store the length; < 29 though and you're making a profit. That said, realistically, it's unlikely this will ever cause you problems.. So I wouldn't worry about it. Quote Link to comment https://forums.phpfreaks.com/topic/218947-code-will-not-work-after-adding-sha1-and-salt-encryption/#findComment-1135564 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.