The password does not pass hashing and is sent open to the database, how to solve this?

V

Vyacheslav Marvin2020-05-08 16:52:47

PHP

Vyacheslav Marvin, 2020-05-08 16:52:47

Hello!

When using the password hashing function, it does not display an error and sends the password open to the database, using this function for the first time. Explain what I'm doing wrong?

if (!empty($_POST)){
        if ( !isset($_POST['name']) || !isset($_POST['lastname']) || !isset($_POST['email']) || !isset($_POST['pass']) ) {
            echo 'Не все данные заполнены!!!';
            die;
        }
       
        $name = $_POST['name'];
        $lastname = $_POST['lastname'];
        $email = $_POST['email'];
        $pwd = $_POST['pass'];
                
        $hashed_password = password_hash($pwd, PASSWORD_DEFAULT);
        //var_dump($hashed_password); //Выводим хеширвоанный пароль
        
        $stmt = $dbh->prepare("INSERT INTO users (name, lastname, email, password) VALUES (:name, :lastname, :email, :pass)");
        $stmt->bindParam(':name', $name);
        $stmt->bindParam(':lastname', $lastname);
        $stmt->bindParam(':email', $email);
        $stmt->bindParam(':pass', $pwd);

        $falg = $stmt->execute();
        
        if ($falg) {
                echo 'Успешно';
                die;
        } else {
                echo 'Ошибка';
                echo "\nPDO::errorInfo():\n";
                print_r($dbh->errorInfo()); //Выводим ошибки
                die;
        }    
    }

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Rsa97, 2020-05-08
@Marcheslav

$hashed_password = password_hash($pwd, PASSWORD_DEFAULT);
...
$stmt->bindParam(':pass', $pwd );