I want to hash the user input and save it in a database but i only safe the same hash every time no matter what password i enter in. Why is this so ? i know that the function return the hash as hezadezimal but it should be diffrent with other passwords?
<!DOCTYPE html>
<html>
<body>
<form action="index3.php" method="post">
email: <input type="text" name="email"/>
passwort: <input type="text" name="passwort"/>
name: <input type="text" name="name"/>
<input type="submit" value="Registrieren" name="submit"/>
</form>
<?php
$file = "./logingfile.txt";
$filename = "./logingfile.txt";
$result = false;
$servername = "localhost";
$user = "root";
$pw = "";
$db = "user";
$con = new mysqli($servername, $user, $pw, $db);
if($con->connect_error){
die("ende".$con->connect_error);
}
$hashed = hash('sha256', $_POST["password"]); // i think here is the problem
$sql = "INSERT INTO login (id, name, email, passwort)
VALUES (NULL,'".$_POST["name"]."','".$_POST["email"]."','".$hashed."' )";
$result = $con->query($sql);
if($result == false){
echo $con->error;
}
echo $_POST["passwort"];
echo $hashed;
file_put_contents($filename, $sql, FILE_APPEND);
file_put_contents($filename, "n", FILE_APPEND);
?>
</body>
</html>
P.S: i know this isnt the securest code, its only for test purposes where i can understand a little bit about sql injections
Advertisement
Answer
That’s because of this line:
$hashed = hash('sha256', $_POST["password"]);
It should be $_POST["passwort"], just a mispelling