
Insert into db using keys and MD5

Hi all,
Am hoping someone can point me in the right direction here. I have some basic code that I used to add staff members to my db with. Now I am wanting to secure the password using MD5 and am stuck terribly here.
I have a file called config.inc.php and the contents are:
<?php
    $salt="somegreatstuff";
//captcha
        $publickey = "6LctuMgSAAAAADBvul3A-jipON8SydIBK3S67gdR";
        $privatekey = "6LctuMgSAAAAAHM54D2yt0HX1iaIpz1Yv6Inq2nG";
?>
I include this file in my "addstaff.php" file but cannot get the password into the db in MD5 format. Everything gets inserted and my var_dump shows the password being inserted as text.
This is my current code and I hope someone can show me my error, which I think is around lines 18 & 19. Those 2 lines are code I borrowed from another of my files that uses keys in the insert. As my knowledge is still very basic in PHP I have come unstuck... I tried placing those two lines around line 31 and then on "submit" my var_dump reports that the column called "password" was being submitted twice.

  1. <?php
  2.   include '../dbfunctions.php';
  3.   include '../config.inc.php';
  4.   session_start();
  5.   $link = dbConnect();
  6.  
  7.   checkStaffLogin();
  8.  
  9. $staffs = dbGetRows("staff", "id = '".$_SESSION['stid']."'");
  10. $staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
  11. echo $stid;
  12. echo $staff['surname'];
  13. $coid = $staff['company_id'];
  14.  
  15.   if( isset($_POST['Submit']) ) {
  16.     $keys = "";
  17.     $values = "";
  18.     if($k=="password")
  19.     $v=md5($v.$salt);
  20.  
  21.     foreach($_POST as $k => $v) {
  22.       if( $k != "Submit" ) {
  23.         if( $keys == "" ) $keys = "`".$k."`"; else $keys .= ", `".$k."`";
  24.         if( $values == "" ) $values = "'".$v."'"; else $values .= ", '".$v."'";
  25.  
  26.       }
  27.     }
  28.  
  29.     $keys .= ", `dateadded`";
  30.     $values .= ", '".date("Y-m-d")."'";
  31.  
  32.  
  33.     $unamecheckresult = dbGetRows("staff", "username = '".$_POST['username']."'");
  34.  
  35.     $errorcode = "0";
  36.     if( mysql_num_rows($unamecheckresult) > 0 ) $errorcode = "1";
  37.     if( $_POST['username'] == "" ) $errorcode = "2";
  38.     if( $_POST['password'] == "" ) $errorcode = "3";
  39.  
  40.     $query = "INSERT INTO staff (".$keys.") VALUES (".$values.");";
  41.     if( mysql_num_rows($unamecheckresult) == 0 && $_POST['username'] != "" && $_POST['password'] != "") $result = mysql_query($query, $link) or die("Query failed : ".    $query."<br>". mysql_error());
  42.     var_dump ($query);
  43.  
  44.   } 
  45.  
  46. ?>
  47. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  48. <html>
  49. <head>
  50. <title>Add Staff Member</title>
  51. <link rel="shortcut icon" type="image/x-icon" href="../images/favicon.ico">
  52. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  53. <link href="../bb.css" rel="stylesheet" type="text/css">
  54. <script src="../usableforms1.js"></script>
  55. </head>
  56.  
  57. <body onLoad="prepareForm()">
  58. <table width="80%" border="0" cellspacing="0" cellpadding="0" align="center">
  59.   <tr> 
  60.     <td width="23"><img src="http://bytes.com/submit/images/brdr-tl.gif"></td>
  61.     <td width="0*" background="../images/brdr-t2.gif" style="background-repeat: repeat-x;"></td>
  62.     <td width="23"><img src="http://bytes.com/submit/images/brdr-tr.gif"></td>
  63.   </tr>
  64.   <tr> 
  65.     <td rowspan="2" valign="top" background="../images/brdr-l2-repeat.gif" style="background-repeat: repeat-y; background-position: left;"><img src="http://bytes.com/submit/images/brdr-l2.gif" width="23" <?php if(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0) echo "style=\"height: 100%\""; ?>></td>
  66.     <td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
  67.         <tr> 
  68.           <td width="174" height="81" align="center"><img src="http://bytes.com/submit/images/zululogo.gif" width="159" height="61"></td>
  69.           <td width="626" align="right" valign="bottom"><input type="button" name="Cancel2" value="Cancel" onClick="window.close(); opener.location.reload(true);"></td>
  70.         </tr>
  71.       </table>
  72.       <a href="javascript:;" onClick="if( document.getElementById('advancedbox').style.display == 'block' ) document.getElementById('advancedbox').style.display = 'none'; else document.getElementById('advancedbox').style.display = 'block';"><font size="3"><b> 
  73.       </b></font></a> <table width="100%" border="0" cellspacing="0" cellpadding="3" style="border: 1px solid #BBBBBB;">
  74.         <tr> 
  75.           <td bgcolor="#F5F5F5"><font size="3" color="#880000"><b><?php echo $company['coname']; ?>:&nbsp;Add Staff Member</b></font> </a></td>
  76.         </tr>
  77.       </table>
  78.       <br> 
  79.       <?php 
  80.   if(isset($_POST['Submit'])) {
  81.    switch( $errorcode ) {
  82.      case "0":
  83.         echo "Staff Member Succesfully Added.<br><br>
  84.             <a href=\"javascript:;\" onClick=\"window.close(); opener.location.reload(true)\">[CLOSE WINDOW]</a><br> <br> 
  85.             <td valign=\"top\" background=\"../images/brdr-r2-repeat.gif\" style=\"background-repeat: repeat-y; background-position: right;\"><img src=\"../images/brdr-r2.gif\" width=\"23\" ".(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0 ? "style=\"height: 100%\"" : "")."></td>
  86.   </tr>
  87.   <tr> 
  88.     <td><img src=\"../images/brdr-bl.gif\"></td>
  89.     <td background=\"../images/brdr-b2.gif\" style=\"background-repeat: repeat-x;\"></td>
  90.     <td><img src=\"../images/brdr-br.gif\"></td>
  91.   </tr>
  92. </table>
  93. <br>
  94. </body>
  95. </html>
  96. ";
  97.         die();
  98.         break;
  99.      case "1":
  100.         echo "<font color=\"#FF0000\">The username you entered already exists, please enter an alternate username.</font><br><br>";
  101.         break;
  102.      case "2":  
  103.         echo "<font color=\"#FF0000\">Please enter a username!</font><br><br>";
  104.         break;
  105.      case "3":  
  106.         echo "<font color=\"#FF0000\">Please enter a password!</font><br><br>";
  107.         break;      
  108.     }       
  109.   }
  110. ?>
  111.       <br> <form name="form1" method="post" action="addstaff.php">
  112.         <table bgcolor="#FAFAFA" border="0" cellspacing="5" cellpadding="2" style="border: 1px solid #BBBBBB;">
  113.           <tr>
  114.             <td><b>Login Details</b></td>
  115.             <td width="213" colspan="-2"><input type="hidden" name="company_id" value="<?php echo $coid; ?>">
  116.                 <input type="hidden" name="status" value="1"></td>
  117.           </tr>
  118.           <tr>
  119.             <td colspan="2" class="small">Allocated the staff member a username and password.</td>
  120.           </tr>
  121.           <tr>
  122.             <td><b>Username:</b></td>
  123.             <td width="213" colspan="-2"><input type="text" name="username">            </td>
  124.           </tr>
  125.           <tr>
  126.             <td><b>Password:</b></td>
  127.             <td width="213" colspan="-2"><input type="password" name="password">            </td>
  128.           </tr>
  129.           <tr>
  130.             <td><b>Is an Administrator?</b></td>
  131.             <td colspan="-2">&nbsp;</td>
  132.           </tr>
  133.           <tr>
  134.             <td colspan="2"><hr></td>
  135.           </tr>
  136.           <tr>
  137.             <td><b>Title:</b></td>
  138.             <td colspan="-2"><select name="title" size="1">
  139.                 <option>Mr.</option>
  140.                 <option>Mrs.</option>
  141.                 <option>Ms.</option>
  142.                 <option>Adv.</option>
  143.                 <option>Prof.</option>
  144.                 <option>Dr.</option>
  145.             </select></td>
  146.           </tr>
  147.           <tr>
  148.             <td><b>First Name:</b></td>
  149.             <td width="213" colspan="-2"><input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>"></td>
  150.           </tr>
  151.           <tr>
  152.             <td><b>Surname:</b></td>
  153.             <td colspan="-2"><input type="text" name="surname" value="<?php echo $_POST['surname']; ?>"></td>
  154.           </tr>
  155.           <tr>
  156.             <td><b>Telephone No:</b></td>
  157.             <td colspan="-2"><input type="text" name="tel" value="<?php echo $_POST['tel']; ?>"></td>
  158.           </tr>
  159.           <tr>
  160.             <td><b>Cell Number:</b></td>
  161.             <td colspan="-2"><input type="text" name="cell" value="<?php echo $_POST['cell']; ?>"></td>
  162.           </tr>
  163.           <tr>
  164.             <td><b>E-Mail Address:</b></td>
  165.             <td colspan="-2"><input type="text" name="email" value="<?php echo $_POST['email']; ?>"></td>
  166.           </tr>
  167.  
  168.           <tr>
  169.             <td colspan="2"><hr></td>
  170.           </tr>
  171.           <tr>
  172.             <td>&nbsp;</td>
  173.             <td colspan="-2" align="right"><input type="submit" name="Submit" value="Submit">
  174.                 <input type="button" name="Cancel" value="Cancel" onClick="window.close(); opener.location.reload(true);"></td>
  175.           </tr>
  176.         </table>
  177.       </form></td>
  178.     <td rowspan="2" valign="top" background="../images/brdr-r2-repeat.gif" style="background-repeat: repeat-y; background-position: right;"><img src="http://bytes.com/submit/images/brdr-r2.gif" width="23" <?php if(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0) echo "style=\"height: 100%\""; ?>></td>
  179.   </tr>
  180.   <tr>
  181.     <td valign="top">&nbsp;</td>
  182.   </tr>
  183.   <tr> 
  184.     <td><img src="http://bytes.com/submit/images/brdr-bl.gif"></td>
  185.     <td background="../images/brdr-b2.gif" style="background-repeat: repeat-x;"></td>
  186.     <td><img src="http://bytes.com/submit/images/brdr-br.gif"></td>
  187.   </tr>
  188. </table>
  189. <table><tbody id="waitingRoom"
  190.       style="display: none"></tbody></table>
  191.  
  192. <br>
  193. </body>
  194. </html>
Dec 4 '11 #1

✓ answered by omerbutt

zorgi
If variables $k, $v and $salt are not defined somewhere in the files you included, then lines 19 & 20 make no sense. PHP needs to know exactly what those variables are to use them.
Dec 5 '11 #2
Dormilich
firstly, it is highly dangerous to take unchecked user input into your SQL query. anyone could write a form, post to your script and execute whatever he likes on the DB (called SQL injection).

the other point is that you md5 the password, but you don’t use it, since it is outside the foreach loop.
Dec 5 '11 #3
omerbutt
yup, he (Dormilich) is right about it,
foreach($_POST as $k => $v)
but I think that along with it this must also be the cause, as the salt value is already stored into $v and then in the foreach the $v is actually the text input from the post array. change this
 if( isset($_POST['Submit']) ) {
        $keys = "";
        $values = "";
        if($k=="password")
        $v=md5($v.$salt);
 
        foreach($_POST as $k => $v) {
          if( $k != "Submit" ) {
            if( $keys == "" ) $keys = "`".$k."`"; else $keys .= ", `".$k."`";
            if( $values == "" ) $values = "'".$v."'"; else $values .= ", '".$v."'";
 
          }
        }
to this
if( isset($_POST['Submit']) ) {
        $keys = "";
        $values = "";
 
 
        foreach($_POST as $k => $v) {
            if($k=="password")
            $v=md5($v.$salt);
          if( $k != "Submit" ) {
            if( $keys == "" ) $keys = "`".$k."`"; else $keys .= ", `".$k."`";
            if( $values == "" ) $values = "'".$v."'"; else $values .= ", '".$v."'";
 
          }
        }
and what zorgi said is related to the cause too ($k, $v and $salt need to be defined somewhere before)

regards,
Omer Aslam
Dec 5 '11 #4
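The following is an added example, not code from the thread or from the poster's project. It puts together the two points raised in Dormilich's reply (#3) and Omer's fix (#4): the password is hashed inside the foreach, where $k and $v actually hold the posted key and value, and neither the POST keys nor the values are pasted into the SQL text. Assumptions: $salt is still loaded from config.inc.php as in the thread (it is no longer needed once password_hash() supplies its own salt); $link is a mysqli connection rather than the thread's mysql_* resource (the mysql_* functions were removed in PHP 7); and the staff table has the columns listed in $allowedColumns, which are taken from the form fields in the original addstaff.php. The function names hashPassword, insertStaff and usernameExists are hypothetical.

```php
<?php
// Added example: a rewritten submit handler for addstaff.php (hypothetical names).
// Assumes $link is a mysqli connection and the staff table has these columns.
$allowedColumns = ['company_id', 'status', 'username', 'password', 'title',
                   'firstname', 'surname', 'tel', 'cell', 'email'];

function hashPassword(string $plain): string {
    // password_hash() (PHP >= 5.5) generates a random per-user salt and uses a
    // deliberately slow algorithm; it replaces the md5($v.$salt) of the thread.
    return password_hash($plain, PASSWORD_DEFAULT);
}

function insertStaff(array $post, mysqli $link, array $allowedColumns): bool {
    $columns = [];
    $params  = [];

    foreach ($post as $k => $v) {
        if ($k === 'Submit') {
            continue;
        }
        // Column names cannot be bound as parameters, so a posted key is used as a
        // column only when it is on the fixed allowlist; anything else is ignored.
        if (!in_array($k, $allowedColumns, true)) {
            continue;
        }
        if ($k === 'password') {
            $v = hashPassword($v);   // inside the loop: here $v is the posted value
        }
        $columns[] = "`$k`";
        $params[]  = $v;
    }

    $columns[] = '`dateadded`';
    $params[]  = date('Y-m-d');

    // One "?" per value. The values travel separately from the statement text,
    // so a quote or comment sequence inside a field cannot alter the query.
    $placeholders = implode(', ', array_fill(0, count($params), '?'));
    $sql = 'INSERT INTO staff (' . implode(', ', $columns) . ") VALUES ($placeholders)";

    $stmt = $link->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $link->error);
    }
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// The duplicate-username check from the thread, also parameterised.
function usernameExists(string $username, mysqli $link): bool {
    $stmt = $link->prepare('SELECT 1 FROM staff WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

if (isset($_POST['Submit'])) {
    $username  = $_POST['username'] ?? '';
    $password  = $_POST['password'] ?? '';
    $errorcode = '0';                      // same codes as the thread's switch()
    if ($username === '') {
        $errorcode = '2';
    } elseif ($password === '') {
        $errorcode = '3';
    } elseif (usernameExists($username, $link)) {
        $errorcode = '1';
    }

    if ($errorcode === '0') {
        insertStaff($_POST, $link, $allowedColumns);
    }
}
```

The hidden company_id and status fields are still client-supplied values in this form, so the allowlist only controls which columns can be written, not who decides their content; a stricter version would take company_id from $staff['company_id'] on the server side, as the original page already computes it into $coid, instead of reading it back from the POST.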
Hi all.. thanks a ton for your time. Your solutions fixed my problem and after changing the code I ended up with what Omer has outlined and now everything is hunky dory... thanks once again to you all...
I have a lot to learn regarding MD5, some say it is not secure, some say I should be on SHA and yet others are saying I should use the built-in PHP/MySQL features so I have a lot to read up on :)
Many thanks once again...
Dec 5 '11 #5
omerbutt
Hey,
I am glad to be of some help. good luck with your R&D, please choose the correct answer so that others searching for the same problem might get some help too.
regards,

Omer Aslam
Dec 5 '11 #6
Dormilich
I have a lot to learn regarding MD5, some say it is not secure, some say I should be on SHA and yet others are saying I should use the built-in PHP/MySQL features so I have a lot to read up on :)
that’s right, MD5 can be exploited (i.e. you can relatively easily find a string with the same MD5 hash).

pretty much every other algorithm is more secure, probably the most common are SHA256+ and RIPEMD160+. the PHP function that handles that is hash() resp. hash_hmac() for salted hashing.
Dec 5 '11 #7
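An added example, not code from the thread, showing the two PHP functions Dormilich names above, hash() and hash_hmac(), applied in the same shape as the thread's md5($v.$salt), together with the verification step a login script needs. Assumptions: the salt is generated per user and stored in the staff table next to the password hash (the thread uses one $salt string for every account); the CAPTCHA keys from config.inc.php are not reused as the HMAC key; and makeSalt, saltedHash, hmacHash and verifyHmac are hypothetical names. random_bytes() needs PHP 7.0 and hash_equals() PHP 5.6.

```php
<?php
// Added example: salted hashing with hash() / hash_hmac() and constant-time
// verification. Hypothetical helper names; sample password is constructed.

// A per-user salt: random bytes, not a single string shared by every account.
function makeSalt(int $bytes = 16): string {
    return bin2hex(random_bytes($bytes));
}

// Plain salted hash: the shape of md5($v.$salt) with a stronger algorithm.
function saltedHash(string $password, string $salt, string $algo = 'sha256'): string {
    return hash($algo, $salt . $password);
}

// HMAC form: the salt is the key rather than being concatenated to the input.
function hmacHash(string $password, string $salt, string $algo = 'sha256'): string {
    return hash_hmac($algo, $password, $salt);
}

// Verification recomputes the hash and compares in constant time. A plain ==
// comparison of hex strings stops at the first differing byte and leaks timing.
function verifyHmac(string $candidate, string $salt, string $stored, string $algo = 'sha256'): bool {
    return hash_equals($stored, hmacHash($candidate, $salt, $algo));
}

// Demonstration with a constructed sample password (not a real credential).
$pw    = 'correct horse battery staple';
$salt1 = makeSalt();
$salt2 = makeSalt();

printf("md5(pw.salt):      %s\n", md5($pw . $salt1));       // 32 hex chars, the thread's scheme
printf("sha256(salt.pw):   %s\n", saltedHash($pw, $salt1)); // 64 hex chars
printf("hmac-sha256:       %s\n", hmacHash($pw, $salt1));
printf("same pw, new salt: %s\n", hmacHash($pw, $salt2));   // differs from the line above

$stored = hmacHash($pw, $salt1);                            // what the staff row would hold
var_dump(verifyHmac($pw, $salt1, $stored));                 // bool(true)
var_dump(verifyHmac('wrong password', $salt1, $stored));    // bool(false)
```

Both hash() and hash_hmac() are fast functions, which is what makes them good for integrity checks and less good for passwords, since an attacker who obtains the table can test guesses at full speed; a per-user salt stops one precomputed table from covering every account but does not slow the guessing. For new code the simpler route is password_hash() with password_verify(), which handles the salt and uses a slow algorithm by design.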
