Inserting a password

I’ve got a form on the management system part of my website that i’d like to use to add users. The password is hidden when you enter it into a text box, i just need it to be added to the database so it’s encrypted rather than just plain text…

Here is my query…

$query = "INSERT INTO `auth_user` (`user_id`, `full_name`, `email`, `user_password`) VALUES ('$user', '$full_name', '$email', '$password')";
	  $result = mysql_query($query,$dbid) or die("INSERT error:".mysql_error());

You will want to use something like the following:

…, ‘$email’, md5(’$password’))";

Remember md5() and password() are one way encryption. So when you are checking you will need to check the password that is entered by the user with md5() or password() as well.

md5() is a stronger hash than password()

Check for more information on these.

I used PASSWORD(’$variable’) before but it wouldn’t add anything to the database. It’s working now though.

Instead of me making another thread, i was wondering if you could give me some more advice…

I’ve got a table that contains the users of this particular part of the site and want to set up a way to control these users. I’ve just finished the part that lets you add a user, now i’m onto deleting…

The table has four fields user_id which is the username, full_name, email and password. Is it possible to delete a user from the database with the following query??

For some reason it is telling me that the column called whatever is in $user_id doesn’t exist.

I’m sure it would be better practice to have an actual number for a user_id instead of doing it the way i’m doing it. For now it would be easier to get it working this way that’s why i ask if it’s possible. Thanks

$user_id = $_GET['uid']; 
	// Connect to the database and run the query
  	$dbid = mysql_connect ('localhost', 'user', 'pass');
	          or die ("Cannot find database");
	  $query = "DELETE FROM auth_user WHERE user_id = $user_id";
	  $result = mysql_query($query,$dbid) 
	    or die("Delete error:".mysql_error());

I guess the only thing I can say is that I would make sure that $user_id actually contains something. Just comment out the part where it runs the query and echo out the user_id.

Then I would make sure to put single quotes around $user_id in the query itself. You shouldn’t need to, but you could give it a try.

Other than that I can’t see any reason why this shouldn’t work.

Hmmmm, it’s behaving really strangely. If i give a username a number as a username it will delete it but it chucks out an "Unknown column ‘variable’ in ‘where clause’ error. I’ve echo’d the $user_id variable and it does contain the correct information.

Could it be anything to do with the actual table in the database?

Hi, i’ve solved the problem. When i originally set up the table i chose to use the username as a primary key. I don’t know if this actually had anything to do with the problem but i changed the table so that each user actually has their own id number which i’m now using to delete specific rows from the database. I still can’t get the old bit of code to delete rows where the username was a letter but i reckon this is a more logical way to do it anyway.

Thanks for the help.

Sponsor our Newsletter | Privacy Policy | Terms of Service