Marie Posted August 4, 2020 Report Share Posted August 4, 2020 I am trying to adapt code on my registration page to Script 13.6, however am getting and undefined index error for "pass" which represents the password. Otherwise, the remainder of the code follows the Registration code that is in the book. if ($u && $e && $p && $fn && $mi && $ln) { // If everything's OK... // Make sure the email address is available: $q = "SELECT id FROM users WHERE email='$e'"; $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db)); if (mysqli_num_rows($r) == 0) { // Available. // Create the activation code: $a = md5(uniqid(rand(), true)); // Add the user to the database: // Make the query: $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $p = $_POST['pass']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; $a = $_POST['active']; // Execute the query: mysqli_stmt_execute($stmt); Quote Link to comment Share on other sites More sharing options...
Larry Posted August 5, 2020 Report Share Posted August 5, 2020 Most likely this is because you don't have an input named 'pass' in your form. On another note, though, it's not a great idea to store the user's password in an unencrypted manner. Quote Link to comment Share on other sites More sharing options...
Marie Posted August 6, 2020 Author Report Share Posted August 6, 2020 22 hours ago, Larry said: Most likely this is because you don't have an input named 'pass' in your form. On another note, though, it's not a great idea to store the user's password in an unencrypted manner. Yes, that was the problem. I tried several different variations and it was continually entering the user's password in an unencrypted manner SO I left it out. I also took out $a = $_POST['active']; The information is now going into the database and the password is hashed. I am now wondering about the significance of the last part of the prepared statement where one assigns the values to the variables if one can simply remove some of them? $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR) )"; // Prepare the statement: $stmt = mysqli_prepare($db, $q); // Bind the variables: mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a); // Assign the values to variables: $u = $_POST['username']; $e = $_POST['email']; $fn = $_POST['first_name']; $mi = $_POST['middle_name']; $ln = $_POST['last_name']; //$a = $_POST['active']; Quote Link to comment Share on other sites More sharing options...
Larry Posted August 7, 2020 Report Share Posted August 7, 2020 I assume you're putting blank values into the database then. Right now you bind 7 variables to parameters but only assign values to 5 variables. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.