I want to hash the user input and save it in a database but i only safe the same hash every time no matter what password i enter in. Why is this so ? i know that the function return the hash as hezadezimal but it should be diffrent with other passwords?
<!DOCTYPE html> <html> <body> <form action="index3.php" method="post"> email: <input type="text" name="email"/> passwort: <input type="text" name="passwort"/> name: <input type="text" name="name"/> <input type="submit" value="Registrieren" name="submit"/> </form> <?php $file = "./logingfile.txt"; $filename = "./logingfile.txt"; $result = false; $servername = "localhost"; $user = "root"; $pw = ""; $db = "user"; $con = new mysqli($servername, $user, $pw, $db); if($con->connect_error){ die("ende".$con->connect_error); } $hashed = hash('sha256', $_POST["password"]); // i think here is the problem $sql = "INSERT INTO login (id, name, email, passwort) VALUES (NULL,'".$_POST["name"]."','".$_POST["email"]."','".$hashed."' )"; $result = $con->query($sql); if($result == false){ echo $con->error; } echo $_POST["passwort"]; echo $hashed; file_put_contents($filename, $sql, FILE_APPEND); file_put_contents($filename, "n", FILE_APPEND); ?> </body> </html>
P.S: i know this isnt the securest code, its only for test purposes where i can understand a little bit about sql injections
Advertisement
Answer
That’s because of this line:
$hashed = hash('sha256', $_POST["password"]);
It should be $_POST["passwort"]
, just a mispelling