Code will not work after adding sha1 and salt encryption

[rightone]

Hi, I'm trying to add encryption to a signup for a college assignment, but find that after adding the sha1 and salt encryption the code does not work.

 

The code worked before adding the encryption.

 

Since adding the encryption I've also adding the corresponding fields for username and password into the sql database and double checked, and triple checked all the php, html form and MySQL tables and fields, but don't see any thing wrong.

 

Can anybody else see any immediate problems with the code snippet below?

 

If so, can you please let me know?

 

 

session_start();

 

$salt = 'The sky is blue and all the trees are green';

 

$data = array_map('mysql_escape_string', $_POST);

$password = sha1($data['password'].$salt);

$query = "

INSERT INTO customers (

first_name,

last_name,

address,

mobile,

email,

username,

password

) VALUES (

'{$data['first_name']}',

'{$data['last_name']}',

'{$data['address']}',

'{$data['mobile']}',

'{$data['email']}'

'{$data['username']}',

'$password'

)

";

if(mysql_query($query)) {

echo 'Your login details have been saved.';

} else {

echo 'Your login details have not been saved.<br>';

echo 'Please try again later.';

}

 

Thanks.

[Adam]

What output do you see? Have you tried checking for errors with mysql_error ?

[revraz]

In your database, is your field length set correctly to store the entire password?

[rightone]

What output do you see? Have you tried checking for errors with mysql_error ?

 

Hi MrAdam,

 

Thanks for replying.

 

I've just tried the echo mysql_error() that you suggested, and it says:

 

"Column count doesn't match value count at row 1 "

 

But my tables have the exact same fields used on the submit form, I mean, unless I'm going blind, they correspond exactly.

   

[Pikachu2000]

Count the number of fields you list in the INSERT query you're currently using, versus the number of values you're trying to insert. You should find that the numbers are different.

[rightone]

In your database, is your field length set correctly to store the entire password?

 

Hi revraz,

 

Thank you for the reply.

 

This is what I've got in the database, the field length is set to char(40) for password?

 

Field Type Collation Attributes Null Default Extra Action

id mediumint(4)  No None AUTO_INCREMENT             

first_name varchar(255) latin1_swedish_ci  No None               

last_name varchar(255) latin1_swedish_ci  No None               

address varchar(255) latin1_swedish_ci  No None               

mobile varchar(255) latin1_swedish_ci  No None               

email varchar(255) latin1_swedish_ci  No None               

username char(30) latin1_swedish_ci  No None               

password char(40) latin1_swedish_ci  No None   

[rightone]

Count the number of fields you list in the INSERT query you're currently using, versus the number of values you're trying to insert. You should find that the numbers are different.

 

Hi Pikachu2000,

 

The INSERT query, the number of values, and the number of feilds in the tables (copy of code snippets and table above) are all the exact same seven below:

 

first_name

last_name

address

mobile

email

username

password

 

Thanks for you help though.

[Pikachu2000]

Post the current query string. Those errors don't just generate for no reason.

[PFMaBiSmAd]

^^^ I recommend the same, echo your $query string to see exactly what it is.

[PFMaBiSmAd]

Also, you are using 'mysql_escape_string' in the array_map() function. You should be using mysql_real_escape_string

[Adam]

You're missing a comma after '{$data['email']}'..

 

Field Type Collation Attributes Null Default Extra Action

id mediumint(4)  No None AUTO_INCREMENT             

first_name varchar(255) latin1_swedish_ci  No None               

last_name varchar(255) latin1_swedish_ci  No None               

address varchar(255) latin1_swedish_ci  No None               

mobile varchar(255) latin1_swedish_ci  No None               

email varchar(255) latin1_swedish_ci  No None               

username char(30) latin1_swedish_ci  No None               

password char(40) latin1_swedish_ci  No None   

 

Slightly off-topic, is there a specific reason you're using char over varchar for `username`? char data types pad the data to the specific field length with spaces.. So unless this is purposefully done, using varchar is better for memory.

 

[rightone]

Hi Pikachu2000 and PFMaBiSmAd,

 

I've been studying php and mysql for four hours a week over the past five months, but don't know exactly how to do what you guys suggest with the query string.

 

Could either of you ellaborate and/or give me the specific code needed to echo a $query string?

 

This may be easy for you guys, but at this stage in my IT studies, it's still a bit confusing.

[rightone]

Also, you are using 'mysql_escape_string' in the array_map() function. You should be using mysql_real_escape_string

 

Thank you PFMaBiSmAd,

 

I've updated that bit of code.

[Pikachu2000]

Since you already have the query string stored in the $query variable, you simply echo it like any other variable. For development, you may want to have it echo along with any error returned by MySQL if a query fails. On a live, production site, you don't want to send that type of output to the screen. Log it to the error log file, and display a generic error (if anything) to the user.

 

$query = "SELECT `whatever` FROM `table`;
if( $result = mysql_query($query) ) {
     // query ran
} else {
     // query failed so:
     echo "<br>Query: $query<br>Produced error: " . mysql_error() . '<br>';
}

[rightone]

You're missing a comma after '{$data['email']}'..

 

Field Type Collation Attributes Null Default Extra Action

id mediumint(4)  No None AUTO_INCREMENT             

first_name varchar(255) latin1_swedish_ci  No None               

last_name varchar(255) latin1_swedish_ci  No None               

address varchar(255) latin1_swedish_ci  No None               

mobile varchar(255) latin1_swedish_ci  No None               

email varchar(255) latin1_swedish_ci  No None               

username char(30) latin1_swedish_ci  No None               

password char(40) latin1_swedish_ci  No None   

 

Slightly off-topic, is there a specific reason you're using char over varchar for `username`? char data types pad the data to the specific field length with spaces.. So unless this is purposefully done, using varchar is better for memory.

 

Thank you MrAdam,

 

The missing comma after '{$data['email']}'.. was the problem!

 

It seems you need to be smart, And have the eyes of an eagle to be really good at this stuff.

 

As for the using char over varchar for `username`, that was what I was told to use by a diploma level IT sutudent.

 

[Adam]

As for the using char over varchar for `username`, that was what I was told to use by a diploma level IT sutudent.

 

Hmm well what I said is right, not sure what he was thinking there. Then again, just because he has an IT diploma doesn't necessarily mean he knows anything about databases.

 

The only time the char type would prove better for memory in this situation, is if the username length was the full 30 characters. In which case a varchar would need to use an extra byte (so 31 in total) to store the length; < 29 though and you're making a profit. That said, realistically, it's unlikely this will ever cause you problems.. So I wouldn't worry about it.