I'm trying to build a php form that will insert users into users table. User name and User email will be entered manually via a HTML form and User Password will be generated randomly at the same time. This is my code:
<?php
if (isset($_POST['insert'])) {
require_once 'dblogin.php';
$OK = false;
$conn = new mysqli ($host, $user, $password, $database) or die("Connection Failed");
$stmt = $conn->stmt_init();
$sql = 'INSERT INTO users (user_email, user_name, user_password)
VALUES(?, ?, des_encrypt(substring (md5(rand(),1,8))))';
if ($stmt->prepare($sql)) {
// bind parameters and execute statement
$stmt->bind_param('sss', $_POST['user_email'], $_POST['user_name'], $_POST['user_password']);
// execute and get number of affected rows
$stmt->execute();
if ($stmt->affected_rows > 0) {
$OK = true;
}
}
if ($OK) {
header('Location: confirm.php');
exit;
} else {
$error = $stmt->error;
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Add User</title>
</head>
<body>
<h1>Add User</h1>
<?php if (isset($error)) {
echo "<p>Error: $error</p>";
} ?>
<form id="form1" method="post" action="">
<p>
<label for="user_email">User email:</label>
<input name="user_email" type="text" class="widebox" id="user_email">
</p>
<p>
<label for="user_name">User name:</label>
<input name="user_name" type="text" class="widebox" id="user_name">
</p>
<p>
<input type="submit" name="insert" value="Register New User" id="insert">
</p>
</form>
</body>
</html>
The error I'm getting is: Error: Incorrect parameter count in the call to native function 'md5'. I'm a beginner and I have never used md5, could someone please help ? Thanks
Problem is here :
$sql = 'INSERT INTO users (user_email, user_name, user_password)
VALUES(?, ?, des_encrypt(substring (md5(rand(),1,8))))';
MD5 takes only one parameter - the string to be hashed.
Try this :
$sql = 'INSERT INTO users (user_email, user_name, user_password)
VALUES(?, ?, des_encrypt(substring(md5(rand()),1,8)))';
I think you are trying to do this...
SUBSTRING( MD5( RAND( ) ) , 1, 8 )
Instead of
substring (md5(rand(),1,8))
Your query should be like this...
$sql = 'INSERT INTO users (user_email, user_name, user_password)
VALUES (?, ?, DES_ENCRYPT( SUBSTRING( MD5( RAND( ) ) , 1, 8 ) ) )';
I've never used mysqli .. but, the error is 'incorrect param count'.. if you look at your code:
(user_email, user_name, user_password) - thats 3 columns and (?, ?, des_encrypt(substring (md5(rand(),1,8)))) .. 3 columns
vs:
$stmt->bind_param('sss', $_POST['user_email'], $_POST['user_role'], $_POST['user_password']); . . 4 params..
Remove the 'sss' ?
Also, looking at the matching, as it is, once u remove the 'sss' your still going to be posting: user_email = $_POST['user_email'] user_password = $POST['user_role'] . .
So you need to make it
`$stmt->bind_param($_POST['user_email'], $_POST['user_name']);