Script inserting same password for each user

lazykik

My create user script is inserting the same md5 password for every user that signs up and I'm having trouble finding the problem.

if ($_POST['password'] != $_POST['password2']){
DIE ("Passwords do not match. Please go back and re-enter your password information."); }
	$md5_password = md5($_POST['$password']);

    $query = $db->build_query('INSERT', array(
        'username'    => $_POST['username'],
		'password'    => $md5_password,
    );

	$sql = 'INSERT INTO users' . $query;

    if ( !($db->query($sql)) )
    {
        message_die('Could not add user information', '', __FILE__, __LINE__, $sql);
    }

thinfile

here is the problem: $_POST['$password']
notice the '$' in the '$password'.?

BTW: it's not a good idea to insert the data from the form post directly into the database. You might want to validate it beforehand.

--
Thin Slice Upload
Resumable large file upload with PHP.

moonbrat

$md5_password = md5($_POST['$password']);

Should be:

$md5_password = md5($_POST['password']);

AND this part:

$sql = 'INSERT INTO users' . $query;

Needs to be something like:

$sql = 'INSERT INTO users WHERE username LIMIT 1' . $query;

This will limit it to one person--the user with the username, not everyone.

Piranha

It seems that the problem with $_POST['$password'] is solved, so I won't say anything about that.

But moonbrat is wrong when it comes to the second thing. First thing is that WHERE parts of queries should always compare something (or say TRUE). "WHERE username" is not valid. Second thing is that INSERT INTO inserts a new row, and a WHERE part is not possible. But if you want to update a password then you should use something simular to moonbrat's suggestion:

 $sql = "UPDATE users SET password = '$pass' WHERE username = '$uname'";