function logic funcion

[abubaker0000]

function abuf_user_add($name,$password,$email,$isadmin)
{
	global $af_con;
	if((empty($name)) || (empty($password)) || (empty($email)) || empty($isadmin))
	{
		return false; // for check that is not empty
	}
	$n_email  =mysqli_real_escape_string($af_con,strip_tags($email));
	if(!filter_var($n_email,FILTER_VALIDATE_EMAIL))//for make sure that is email
	{
		return false;
	}
	$n_name   =mysqli_real_escape_string($af_con,strip_tags($name));//
	$n_pass   =md5(mysqli_real_escape_string($af_con,strip_tags($password)));// for encrypting password
	$n_isadmin=(int)$isadmin;
	$query=sprintf("insert into `user` valuse (NULL,'%s','%s','%s','%d')",$n_name,$n_pass,$email,$n_isadmin);
	echo $query;
	$qresult=mysqli_query($af_con,$query);
	if(!$qresult)
	{
		return false;
	}
	return true;
}

in this insert function there is a logic error ... how I can fix it ?

[requinix]

I don't see any logic errors. I do see a typo in your SQL. Unless I'm mistakne, of coures.

[abubaker0000]

there are no data inserted in the table

[ginerjm]

what makes you say "there is a logic error"?

[abubaker0000]

because it's no syntax error

[requinix]

because it's no syntax error

Think again.

[abubaker0000]

thanks a lot .... I found the mistake ..... in the query ..... the values word is wrong 

[Ch0cu3r]

thanks a lot .... I found the mistake ..... in the query ..... the values word is wrong 

So this is solved?

[cyberRobot]

Side note:

In case you're not aware, md5() should not be used for hashing passwords. More information can be found in the PHP manual:

http://php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

[Jacques1]

It's not just the MD5. For some strange reason you've decided to actively change the password by throwing all kinds of functions at it before you store it in the database.

 

Using strip_tags() is particularly harmful, because it deletes everything that resembles HTML markup. If the password happens to include a “<”, then strip_tags() will cut off the password from that point. For example, the strong password “]/q<G,.K9A” would become the incredibly weak password “]/q”. That's obviously a big problem.

 

Do not silently alter the user password! When I choose a password, I want this password, not a shorter password or a different password chosen by you. If you don't know how to protect yourself from SQL injections and cross-site scripting, then ask. But don't just randomly apply all kinds of functions in the hopes that this will somehow make you secure. Programming doesn't work like this.

 

You need to learn about

• prepared statements as a secure and robust way to pass values from PHP to the database system without fumbling with mysqli_real_escape_string()
• bcrypt as a modern password hash algorithm
• how to correctly protect yourself against cross-site scripting; you should erase strip_tags() from your memory