MySQL replaces my PHP input data
Get the solution ↓↓↓So, I've been trying to create a Signup/Login process using PHP and MySQL. I created a Signup form, and a handling page. Then I tred it out, set the email as[email protected]
and password asMyPassword
.
I then checked the database and got surprised. The email was correctly inputted, alright, but the password wasn't! It was one of the passwords that I used to test before, and it is a pretty personal one.
Every time I tried it again, the same thing happened. The password was always changed to my personal one whenever I signed up.
The problem is that, in my code, I don't have that personal password, anywhere. I only used it to test my signup flow once, and now it's stuck to my database!
Here, I registered using test credentials. The password isasd
and it's obviously 3 letters long.
But when I check the database, I see the following. Even though I edited the password so you can't see it, it's still obvious it's more than 3 letters long.
Is this some kind of MySQL over-writing thing, that I just don't know about yet?
Here is the full code of the SignUp Page (Might be a little long, bear with me):
<?php
session_start();
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['signUpemail'];
$password = $_POST['signUppassword'];
include("mysql_base.php");
echo "Preparing MYSQL Statement...<br>";
echo "<script>";
echo "firstPart()";
echo "function firstPart() {";
echo "document.write('Starting to process MYSQL Statement...')";
echo "window.setTimeout(secondPart(),2000)";
echo "}";
echo "function secondPart() {";
echo "document.write('Starting to stop processing MSYQL Statement...')";
echo "}";
echo "</script>";
echo "Started to proccess...<br>";
$sql = "INSERT INTO pages_accounts (email, pass, firstname, lastname, confirm) VALUES ('".$email."','".$password."','".$firstName."','".$lastName."','0')";
if ($conn->query($sql) === true){
echo "<b>SIGNUP SUCCESS</b><br>";
echo "SUCH HAPPINESS. WOW. MMM.<br><br>";
echo "--Check your mail for a confirmation email. Check SPAM too!--";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: FoxInFlame Pages<[email protected]>' . "\r\n";
$message = "
<html>
<body>
<center>
<div style='background-color:orange'><h1>Confirm your Account</h1><br><h3>At FoxInFlame Pages</h3></div>
You seem to have registered for an account at FoxInFlame Pages. Now please click on the following link to complete your registration, and start creating amazing websites!<br><a href='http://www.foxinflame.tk/pages/confirm.php?id=".$conn->insert_id."'>Click Here</a>
</center>
</body>
</html>
";
mail($email, "[CONFIRM] Account on FoxInFlame Pages", $message);
} else {
echo "MUCH SADNESS. SUCH DEPRESSION. FAIL ERROR. NO RETURN.";
echo "Error: ".$sql."<br>".$conn->error;
};
?>
Answer
Solution:
Your problem will be ininclude("mysql_base.php");
. That file will be setting$password
for it's own internal use, which is overwriting the$password
variable that you get from$_POST
;
2 options to get around this:
1 - Open the database connection first.
<?php
session_start();
include("mysql_base.php");
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['signUpemail'];
$password = $_POST['signUppassword'];
2 - Use different variable names:
<?php
session_start();
include("mysql_base.php");
$signup_firstName = $_POST['firstName'];
$signup_lastName = $_POST['lastName'];
$signup_email = $_POST['signUpemail'];
$signup_password = $_POST['signUppassword'];
Aside from this, the password field on the sign up page doesn't havename="signUppassword"
, and you have no SQL Injection protection.
Answer
Solution:
On your page I see:
<input style="color:white" type="password" name="password" required="" autocomplete="off">
So your input name is password
But in your code you are trying to get signUppassword:
$password = $_POST['signUppassword'];
Do you have some transformation somewhere ? javascript?
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: 403 this action is unauthorized.
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.