Marie Posted August 4, 2020 Share Posted August 4, 2020 I am trying to adapt code on my registration page to Script 13.6, however am getting and undefined index error for "pass" which represents the password. Otherwise, the remainder of the code follows the Registration code that is in the book. if ($u && $e && $p && $fn && $mi && $ln) { // If everything's OK... // Make sure the email address is available: $q = "SELECT id FROM users WHERE email='$e'"; $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db)); if (mysqli_num_rows($r) == 0) { // Available. // Create the activation code: $a = md5(uniqid(rand(), true)); // Add the user to the database: // Make the query: $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $p = $_POST['pass']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; $a = $_POST['active']; // Execute the query: mysqli_stmt_execute($stmt); Link to comment Share on other sites More sharing options...
Larry Posted August 5, 2020 Share Posted August 5, 2020 Most likely this is because you don't have an input named 'pass' in your form. On another note, though, it's not a great idea to store the user's password in an unencrypted manner. Link to comment Share on other sites More sharing options...
Marie Posted August 6, 2020 Author Share Posted August 6, 2020 22 hours ago, Larry said: Most likely this is because you don't have an input named 'pass' in your form. On another note, though, it's not a great idea to store the user's password in an unencrypted manner. Yes, that was the problem. I tried several different variations and it was continually entering the user's password in an unencrypted manner SO I left it out. I also took out $a = $_POST['active']; The information is now going into the database and the password is hashed. I am now wondering about the significance of the last part of the prepared statement where one assigns the values to the variables if one can simply remove some of them? $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; //$a = $_POST['active']; Link to comment Share on other sites More sharing options...
Larry Posted August 7, 2020 Share Posted August 7, 2020 I assume you're putting blank values into the database then. Right now you bind 7 variables to parameters but only assign values to 5 variables. Link to comment Share on other sites More sharing options...
Recommended Posts